Founder
February 24, 2026
27 min read
One of the most radical breaking points created by blockchain technology in financial and organizational paradigms is undoubtedly the concept of Decentralized Autonomous Organizations (DAOs). Rejecting the hierarchical, centralized, and human-based governance models of traditional corporate law, DAOs are structures where rules are embedded in smart contracts and decisions are made by token holders across a distributed network. This guide aims to systematically present the legal framework applicable as of 2026 for developers, investors, and legal practitioners seeking to conduct DAO activities in Turkey.
Key Message: DAOs create an ontological conflict that challenges the fundamental concepts of law; the status of these structures under Turkish law is not merely a question of regulatory compliance but rather a test of law's evolutionary capacity in the face of technology.
DAO (Decentralized Autonomous Organization) refers to organizations in which decision-making processes are carried out through transparent, immutable, and cryptographically secured code sequences, free from human intervention; and in which ownership and voting rights are distributed to the community through tokens.
From a technical standpoint, DAOs consist of smart contracts, token economics, and distributed consensus mechanisms. DAOs enable decentralized finance (DeFi) protocols such as MakerDAO, Uniswap, and Aave to manage interest rates, smart contract updates, and treasury through token holder voting. These structures, which resolve agency costs arising between shareholders and management in traditional companies through algorithmic consensus mechanisms, manage billions of dollars in digital assets globally.
The philosophical backbone of the DAO ecosystem is built on the "Code is Law" motto. This paradigm assumes an order in which rules are embedded in smart contracts and code is executed in an immutable manner.
However, this approach directly conflicts with the rule of law. Traditional legal systems envisage regulatory frameworks based on centralized authority exercised by the legislative, executive, and judicial branches. The immutable, distributed, and autonomous structure of blockchain is in ontological incompatibility with this centralized authority of states.
Practical implication: There is no central server administrator to enforce a court's annulment or restitution order on the blockchain. Implementation of the decision is technically possible only by persuading all global network validators to fork the blockchain retrospectively (hard fork)—which demonstrates that cryptographic consensus, not law, is the ultimate authority. Therefore, the "Code is Law" argument falls far short of providing an immunity shield against the mandatory legal rules of the Republic of Turkey.
Governance: Web2 companies—hierarchical structure and board decisions; Web3 DAOs—distributed structure and token holder voting.
Ownership: Web2—shares and equity; Web3—governance token and liquidity provision.
Decision-Making: Web2—1 share = 1 vote (capital dominance); Web3—distributed voting and participation-based models.
Legal Personality: Web2—Joint Stock Company or Limited Liability Company; Web3—undefined under Turkish law and ordinary partnership risk.
Headquarters: Web2—physical headquarters and registry; Web3—geographically dispersed, on-chain records.
Liability: Web2—limited in capital companies; Web3—joint and several and unlimited under ordinary partnership assumption.
The fundamental raison d'être of DAOs is to ensure decentralized and non-centralized participation. While the dominant principle in capital companies is "the power of capital," in the DAO ecosystem decisions are democratized through participation-based models rather than capital alone.
Legal systems have constructed the capacity to hold rights and incur obligations through the concept of "person." Under the Turkish Civil Code and Turkish Commercial Code, persons are divided into natural persons and legal persons. Types of legal personality (Joint Stock Company, Limited Liability Company, Association, Foundation, etc.) are regulated in law pursuant to the numerus clausus (closed list) principle.
This strict doctrinal approach means that no organizational form not expressly defined by the legislator and whose establishment procedures are not prescribed may acquire independent legal personality by the mere will of the parties.
Conclusion: Unlike jurisdictions such as Wyoming and Vermont in the United States and the Marshall Islands, which have introduced "DAO LLC" status through specific legislation, as of 2026 Turkish law does not contain any legal personality definition or special legal status specific to DAOs. In this vacuum, DAOs face the risk of being characterized as an ordinary partnership within the meaning of the TBK.
Global examples grant DAOs limited liability status; Turkey has not yet adopted a specific model.
2013: First use of Bitcoin and similar assets in Turkey
2021: TCMB's prohibition of direct or indirect use of crypto assets in payments
2024, July 2: Entry into force of the Crypto Asset Law (Law No. 7518)
2024, October 2: End of compliance period for cessation of unauthorized activities
2024, September 19: SPK's principle decision excluding NFT transactions from the scope of the Law
2025, March 13: Entry into force of Communiqués III-35/B.1 and III-35/B.2 on KVHS
2025, February 25: Commencement of Travel Rule requirement
2026, June 30: Target date for completion of KVHS licensing processes
2026, January 31: Entry into force of sworn financial adviser special purpose report obligation for imports
Turkey's efforts to exit the FATF grey list have accelerated alignment of the regulatory framework with international standards. High inflationary pressures and the younger population's technological adaptability have positioned the country among the top ranks in global crypto asset adoption indices; this intense adoption has compelled regulatory authorities to take rapid steps both to protect financial stability and reduce AML risks.
Understand the intricate legal landscape for Decentralized Autonomous Organizations and ensure full compliance with Turkish regulations.
How DAOs—which lack legal personality, make decisions through cryptographic voting, and hold assets in multisig wallets—can be reconciled with continental European-origin Turkish legal dogma is not only a matter of regulatory compliance but also a test of law's evolutionary capacity in the face of technology.
In Turkish law, types of legal personality are regulated in law in limited number (numerus clausus) and by mandatory rules. This principle means that parties cannot create a new type of legal personality of their own invention by their will. Types such as Joint Stock Company, Limited Liability Company, Cooperative, Association, and Foundation are structures expressly defined by the legislator and whose establishment procedures are prescribed.
DAOs do not fit any of these types. They have no physical headquarters, registry entries, board structures, or traditional organs. Decisions are made through on-chain voting; assets are held in multi-signature wallets. As long as the legislator does not expressly define DAOs, these structures cannot acquire legal personality.
Whether this situation stems from a legal gap or a conscious choice is debatable. The absence of DAO-specific regulation in Turkey as of 2026 may be interpreted as the current system's preference to "not see" these structures yet. Global examples (Wyoming, Marshall Islands) show that special status for DAOs can be granted through conscious legislative intervention.
In Turkish legal practice, where two or more persons pursue a commercial or economic purpose but do not assume one of the legal personality forms listed in law, it is accepted that the provisions on Ordinary Partnership under Article 620 et seq. of the Turkish Code of Obligations (TBK) (Law No. 6098) shall apply by analogy to such communities.
For a DAO to be characterized as an ordinary partnership, the following elements must be present:
Person: Natural or legal persons who purchase tokens, participate in governance votes, or provide liquidity
Capital: Crypto assets held in treasury or liquidity pools, protocol development effort
Contract: The whitepaper and smart contracts as a whole
Common Purpose: Operating a DeFi platform, earning profit, or pursuing a social mission
Affectio Societatis: The will to make decisions regarding the protocol's future in Discord, Telegram, or on-chain Snapshot votes
The Whitepaper, which explains the DAO's vision and token economics, carries the potential to be assessed by Turkish courts in a possible dispute as an Ordinary Partnership Agreement (TBK Art. 620). Although not a wet-signed document, technical prospectuses and smart contracts are recognized as contractual elements in law.
Smart contracts are technical instruments that ensure the execution of DAO rules. Legally, their "contract" nature may be interpreted as the declaration of will through code in conformity with the definition of contract in the TBK. However, the immutability of code disables traditional annulment mechanisms in cases of error or fraud.
The most devastating consequence of this characterization is the joint and several and unlimited liability of partners for debts, damages, and administrative sanctions arising from the partnership's activities.
Practical implication: In cases where a DAO suffers a cyber attack, user funds are stolen due to a software vulnerability, intellectual property is infringed, or it facilitates illegal transactions; victims or supervisory authorities may demand the full amount of damage from any DAO member (token holder) whose identity they can ascertain.
Even in scenarios where founding developers remain anonymous, an ordinary Turkish citizen whose identity can be established through KYC—merely for having provided a small amount of liquidity or voted in a single ballot—may face the risk of being held liable for all activities of the entire organization.
The 2016 The DAO hack presented a concrete example of smart contract vulnerabilities and unlimited liability risk.
That DAOs in Turkey necessarily require a "legal wrapper" is beyond dispute given the unlimited liability risk brought by ordinary partnership status. Three main alternative models are summarized below.
Civil networks that merely come together around a certain vision, offer digital access rights (token gating), and organize art and cultural events may remain outside the strict ambit of SPK and MASAK legislation as they carry no financial risk. Although they may converge philosophically with the Associations Law or Cooperatives Law, they continue to bear ordinary partnership risk due to the absence of legal personality.
The "New Generation Technology or Software Development Cooperative" model under Law No. 1163 on Cooperatives offers significant overlaps with DAO philosophy:
Voting: The 1 member = 1 vote rule limits "whale" hegemony with an anti-plutocratic structure
Entry/Exit: The open-door principle and variable capital align with dynamic membership through token trading
Distribution of Returns: Risturn (refund based on transaction volume or contribution ratio) provides legal ground for liquidity mining and staking returns
Liability: Limited liability unless otherwise agreed in the articles of association; escape from ordinary partnership risk
This model can be made legally operational by adding provisions to the cooperative's articles of association on blockchain integration, on-chain voting, and token-based decision-making.
Conducting DAO activities in Turkey through an Anonim Şirket (A.Ş.) or Limited Şirket (Ltd. Şti.) wrapper provides limited liability protection. However, as the dominant principle in capital companies is "1 share = 1 vote," it carries ontological incompatibility with the DAO vision of democratic and decentralized participation. Moreover, minimum capital, registry transparency, and KYC requirements conflict with the anonymous and distributed structure.
Overseas Foundation + Turkey operations: Establishment of a DAO LLC/Foundation in Wyoming, Marshall Islands, or Switzerland, with activity in Turkey without marketing under the Reverse Solicitation principle
Cooperative + off-chain representation: Establishment of the cooperative as the DAO's legal representative in the physical world; RWA (real-world asset) investments made through this wrapper
Gain strategic insights and legal guidance for designing robust, compliant DAO frameworks and DLT solutions in Turkey.
The Law Amending the Capital Markets Law (Crypto Asset Law) (Law No. 7518), which entered into force on 2 July 2024, established the legal ground for digital assets, platforms, and service providers in Turkey. Although the terms "DAO" or "DeFi" do not appear directly in the legislative texts, the Law introduced the broad umbrella concept of Crypto Asset Service Providers (KVHS).
The legislator carefully avoided defining crypto assets as "securities" or "money"; instead characterizing them as "values that can be created and stored in electronic form using distributed ledger technology or similar technology, distributed over digital networks, and representing intangible assets." This intangible asset definition aims to partially fill doctrinal gaps regarding how property rights are to be established within the framework of property law and the law of obligations.
Any structure—whether a centralized exchange (CEX) or DeFi protocol (DEX)—that carries out as a profession any of the activities of purchase and sale, initial sale or distribution (ICO/IDO), exchange, transfer of crypto assets and custody of customer assets is classified as a KVHS by law and subject to the SPK licensing and supervision regime.
Activities within KVHS scope: platform operation (buy-sell intermediation), custody, transfer service, and initial token sale (ICO/IDO).
The activity permit (license) must be obtained by 30 June 2026. It is extremely difficult in practice for a decentralized DAO to meet these requirements: minimum cash capital, transparent ownership structure, founders' qualifications, and asset segregation rules conflict with the anonymous and distributed structure.
The III-35/B.1 (Establishment and Activity Principles) and III-35/B.2 (Operating Procedures and Capital Adequacy) Communiqués, which entered into force on 13 March 2025, elaborate the technical and operational requirements for KVHS. At least 95% of customer assets must be held with approved banks or globally licensed custody institutions in cold wallet standards. Non-custodial DEXs cannot technically comply with this rule.
TÜBİTAK BİLGEM conducts technical audits on blockchain algorithms behind crypto assets, smart contract security, cybersecurity architecture, and information systems, providing consultancy and compliance reports to the SPK. These reports are required in KVHS applications.
Persons operating a crypto asset exchange or intermediation activity without obtaining an SPK license are subject to 3 to 5 years' imprisonment for the offense of "unauthorized capital markets activity" and a judicial fine of at least twice the benefit obtained. As of 2 October 2024, the complete cessation of unauthorized activities is mandated by law. Access to foreign platforms may be restricted through the blocking mechanism.
DeFi protocols that actively target resident users in Turkey (Turkish language support, Turkish lira-based transactions, local marketing) and provide regulated financial services are deemed to have "Financial Institution" status as of 2026. For overseas-based DAOs, the Reverse Solicitation principle applies: it is not deemed a violation of the prohibition if no advertising, promotion, or solicitation is directed at Turkey and the customer accesses the platform entirely on their own initiative.
If a platform is accessible from Turkey and conducts financial swap, lending, or custody activity, it carries the risk of being deemed a KVHS under Law No. 7518 and subject to SPK licensing. DAOs that manage smart contract updates of DeFi protocols such as MakerDAO, Uniswap, and Aave may come under regulatory radar if these protocols are usable from Turkey.
Anti-money laundering (AML) and criminal law carry the heaviest sanctions in the DAO ecosystem. MASAK obligations and offenses under the TCK must be assessed together.
Under Law No. 5549 on Prevention of Laundering Proceeds of Crime, crypto asset service providers have been brought within "Financial Institution" status and made directly subject to MASAK. If a DAO or DeFi protocol actively targets resident users in Turkey and provides regulated financial services, it is subject to this status as of 2026. The architecture of MASAK legislation contains principles entirely contrary to DAOs built on the philosophy of anonymity, decentralization, and limitlessness.
Concept of obligated party: Under MASAK, "obligated parties" are financial institutions subject to KYC, STR, Travel Rule, and asset freezing obligations within the AML/CFT framework. Violation of obligations carries the risk of 50,000–300,000 TL administrative fines for legal persons and 6 months to 8 years' imprisonment for managers and founders.
Possibility of a DAO being deemed obligated: If a DAO is assessed as a structure targeting users in Turkey and providing buy-sell, custody, or transfer services, it may be deemed to have Financial Institution status. A decentralized DAO's technical inability to fulfill central obligations such as appointing a Compliance Officer, KYC, STR, or account freezing creates non-compliance.
Travel Rule: Mandatory as of 25 February 2025. Verified identity information of sender and recipient is required for transfers of 15,000 TL and above. As DAOs and DeFi protocols operate through smart contracts and do not hold identity data, transfers above 15,000 TL carry the risk of rejection.
KYC design: Under MASAK Communiqué No. 19, NFC reading of next-generation identity cards and facial recognition are mandatory. Wallet-based anonymous DAO participation is excluded from the Turkey ecosystem for this reason.
Fraud (TCK Art. 158): Fraudulent token sale, rug pull (liquidity withdrawal), or misleading whitepaper that deceives investors constitutes the offense of fraud.
Laundering proceeds of crime (TCK Art. 282): Laundering of funds derived from a predicate offense (an offense requiring six months or more imprisonment). Laundering of crypto assets obtained through hacking, fraud, or cyber attack via mixers or DAO protocols falls within this provision. According to Court of Cassation precedents, the offense of laundering cannot materialize without a predicate offense.
Cyber offenses: Offenses such as unlawful access to an information system (TCK Art. 243), destruction or alteration of data (TCK Art. 244) may arise in scenarios of DAO hacks or smart contract manipulation.
Participation in crime (TCK Art. 39): When code written by a developer is used by criminals to launder proceeds of crime, liability may arise under TCK Art. 39/2-b ("providing the instruments used in the commission of the offense") or Art. 39/2-c ("facilitating the execution of the offense") through the aiding argument.
Theory of neutral conduct: Merely providing technological infrastructure or open-source code does not alone constitute criminal intent (mens rea). Developing cryptographic tools for user privacy and data protection is a lawful, neutral professional activity. The perpetrator's intent and causal link must be established for liability.
Mens rea / intent analysis: If the developer knowingly designed the protocol with parameters that would facilitate use by unlawful actors, marketed to cybercriminals on the dark web, or systematically derived material benefit from laundering activity, "conditional intent" or "direct intent" comes into play.
Tornado Cash and Pertsev approach: In the Netherlands, Alexey Pertsev was convicted of laundering despite writing the Tornado Cash code, due to the use of the autonomously operating protocol. The court focused not on the autonomy of the code but on the developer's intent and purpose. Turkish jurisprudence may follow a similar methodology: the developer's subjective purpose and financial benefit are taken as the basis.
Organic link analysis: Founding developers, those with signing authority in the multisig wallet, or those who factually determine the protocol's technical and strategic decisions may be deemed linked to the DAO through an "organic link." This link is used for perpetrator identification in criminal and civil liability.
Control theory: Persons with greater voting power than the majority of token holders or who factually direct decisions may be characterized as "de facto director." In this case, director liability under the TCK and SPK may arise.
De facto director liability: Under the ordinary partnership assumption, multisig signatories and founders are jointly and severally liable for the partnership's debts. In criminal law, they may be held liable as actual perpetrators or instigators for fraud, laundering, or unauthorized activity offenses.
Ensure your DAO's digital identity and tokenization projects comply with KVKK, SPK, and relevant digital identity frameworks.
Data protection (KVKK) forms the main axis of digital rights in the DAO ecosystem. It creates serious compliance difficulties in the absence of legal personality.
Current data protection regimes (KVKK and GDPR) are designed for Web2 architecture—the client-server model where data is collected, processed, and destroyed when necessary by a central authority. Permissionless blockchains and DAOs are in ontological and structural incompatibility with these norms.
Who is the data controller?
Under KVKK Art. 3/1-i, the Data Controller is the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system. Heavy responsibilities such as information notice (KVKK Art. 10), data security, and responding to data subject requests are imposed on this subject. In a fully decentralized DAO, no single actor fits this definition.
Data Controller paradox in DAOs:
In public blockchains, there is no central legal person or single natural person that directs the flow of data and determines purposes and means. Network nodes only verify and host data; they cannot make arbitrary changes. European authorities (France's CNIL) have stated that nodes alone cannot be deemed data controllers. According to CNIL, developer teams or founding token holders who have the right to write data to the blockchain, determine the processing purpose, and present the dApp or DAO interface to end users may be deemed data controllers. In Turkish law, no clear decision or precedent has yet been formed by the Board on this matter.
Right to be forgotten vs immutable blockchain:
KVKK Art. 7 and GDPR Art. 17 grant the data subject the right to request rectification, erasure, or anonymization of data (Right to be Forgotten). The existential architecture of blockchain, however, is based on the principle of immutability: a block added to the chain cannot be changed or deleted retrospectively. As each node keeps an independent copy in the distributed network, deletion is only possible through the common consensus of all nodes (hard fork)—practically impossible in networks such as Bitcoin or Ethereum.
CNIL approach and Turkish practice:
CNIL has stated that nodes cannot be deemed data controllers; developer teams and interface providers may be responsible. The Turkish Personal Data Protection Board has not yet taken a clear position on this matter. The Blockchain Turkey Platform report highlighted the conflict between KVKK and blockchain.
On-chain data processing risk:
Personal data written on-chain cannot be deleted in the traditional sense. KVKK Guidelines define data destruction through database commands (DELETE), hardware destruction, etc. These methods cannot be applied on public blockchains. The resolution of this conflict before the Board and courts has not yet been clarified. As of 2026, administrative fines may reach up to 17 million TL.
Although tax and employment-social security law are not the main regulatory focuses in the DAO ecosystem, they give rise to serious compliance obligations and risks. These two areas should be assessed under a single heading.
The taxation of DAO income is determined by interpretation within the scope of existing legislation and contains significant grey areas.
In DAO operations, roles such as "Bounty Hunter," "Core Developer," and "Community Manager" receive tokens from the decentralized treasury. The status of these relationships under Law No. 4857 on Employment and Law No. 5510 on Social Insurance poses serious grey areas.
Is there an employee in a DAO?
Three elements are required for an employment contract: work performance, remuneration, and dependence. In the DAO ecosystem, writing code, conducting marketing, or carrying out security testing clearly constitutes "work performance." The issue arises in the remuneration and dependence elements.
Legal validity of payment of remuneration with tokens:
Employment Law Art. 32 envisages that remuneration be paid "in money"; as a rule in Turkish currency and through banking channels. The TCMB has prohibited the use of crypto assets in payments; crypto assets are not considered legal tender. Therefore, the value obtained by a developer receiving "salary" in USDC or governance tokens from the DAO treasury does not have the legal character of "remuneration" within the meaning of Employment Law Art. 32. The court may deem this relationship a fraud against the law (sham) or characterize it as an agency or work contract (freelance).
Dependence element:
If the court finds that the "dependence" element predominates (obligation to attend meetings at certain hours, code review, performance evaluation by community vote, token deductions), payment of remuneration in crypto does not eliminate the existence of an employment contract. In this case, an "implied employer-employee relationship" may be identified.
SGK premium obligation:
Where an employment contract exists, the employer is obliged to pay SGK premiums. As the DAO has no legal personality and is deemed an ordinary partnership, employer status is attributed to multisig signatories, founding developers, and dominant token holders (ordinary partners). These persons may be held jointly and severally liable for unpaid minimum wage differences, SGK premiums, tax penalties, and workplace accident/occupational disease claims.
Reinstatement and compensation risks:
Employment Law Art. 18 et seq. impose valid reason, written termination, and right to defense. These procedures cannot be provided in decentralized voting. A Turkish developer "expelled" by vote may apply to mediation and the Labor Court with a claim of unfair dismissal. If the court finds the termination invalid, severance pay, notice pay, and reinstatement order arise. Although the on-chain expulsion cannot be practically reversed, financial penalties place a heavy burden on DAO founders.
The "decentralized dismissal" problem in DAOs:
Deprivation of authority through community vote, cutting off GitHub access, and cessation of funding may be deemed "termination of the employment contract" from an Employment Law perspective. This demonstrates that the "code is law" dogma cannot override mandatory employment law protections.
Bringing a lawsuit against a DAO—which has no legal personality, makes decisions through cryptographic voting, and holds assets in multisig wallets—determining the competent court, and enforcing judgments push the limits of classical legal mechanisms.
As a DAO is not a legal person, the lawsuit is directed not against the "DAO" itself but against founding developers, multisig signatories, or identifiable token holders in their capacity as ordinary partnership. Under TBK Art. 620, partners are jointly and severally liable; the creditor may demand the full debt from any partner.
Smart contracts or DAO constitutions generally do not contain governing law or forum clauses. The conflict of laws rules of the MÖHUK (choice of law, place of tort) come into play; however, the occurrence of the act on a decentralized network obscures the concept of "place." Where a consumer transaction is concerned, under MÖHUK Art. 45, Turkish courts at the consumer's residence are competent, and this jurisdiction cannot be waived by contract.
Law No. 5718 on Private International Law (MÖHUK) determines the applicable law and competent court in cross-border disputes. Even if the DAO interface includes a jurisdiction clause stating "Disputes shall be resolved in Marshall Islands or Singapore courts," the competence of Turkish courts is preserved for the consumer's benefit under MÖHUK Art. 47/2. A user resident in Turkey has the right to bring their case before Istanbul or Ankara courts.
Decentralized arbitration protocols such as Kleros and Aragon Court decide through anonymous juries and cryptographic voting. Enforcement (recognition and enforcement) of these decisions in Turkey faces serious obstacles. The New York Convention and MÖHUK require the independence and impartiality of arbitrators. In on-chain arbitration, juries are anonymous; the Schelling Point mechanism directs toward unanimity through economic incentive. This structure may lead to rejection of enforcement requests on the grounds that it conflicts with the right to fair trial and public order principles.
A creditor in whose favor a court judgment has been rendered requests execution through the Enforcement Office. However, the debtor DAO's assets are not held in traditional bank accounts but in multisig crypto wallets. Compulsory execution here confronts the cryptographic architecture of the blockchain.
Crypto assets are legally attachable. While assets on centralized exchanges are relatively easy to attach; in cold wallets and multisig structures, a single signatory's key does not suffice to complete the transaction, creating practical difficulties.
The mismatch between written norms and blockchain reality creates serious practical fractures in the applicability of regulation.
DAOs and DeFi protocols lack traditional compliance tools such as central servers, KYC obligation, and asset freezing. The 150 million TL capital required for an SPK license, transparent ownership structure, and Compliance Officer appointment cannot be factually met in a decentralized structure. Therefore, the legislation largely leaves DAOs in "scope exclusion" or "grey area."
DAOs are mostly established by pseudonymous developers. A transparent ownership structure cannot be presented to the commercial registry; no addressee can be identified for appointment of a Compliance Officer. Supervision and sanction can only be directed at persons identifiable through KYC exchanges or off-chain identity connections.
Under the Reverse Solicitation principle, if an overseas-based DAO does not take any action targeting Turkey (does not open an office, does not establish a Turkish-language site, does not market in Turkish media) and a Turkish resident accesses the platform entirely on their own initiative, this is not deemed a violation of the prohibition. However, the slightest targeting action falls within the scope of unauthorized activity.
Geographic restrictions can be circumvented through VPN, decentralized interfaces, or direct smart contract interaction. Although access blocking (geo-blocking) is technically feasible, full control is not possible in decentralized protocols. This creates a permanent tension between "the legislator's will" and "technical reality."
The capacity of the SPK, MASAK, and KVKK to supervise the cross-border, anonymous, and continuously operating DAO ecosystem is limited. Although on-chain analysis tools such as Chainalysis are used, auditing source code, understanding smart contract logic, and monitoring global token flows require significant resources and expertise.
Turkish law does not offer a specific legal personality or regulation that expressly defines DAOs. Although Law No. 7518 and SPK communiqués target crypto asset service providers, decentralized structures do not fully fit this mold. Ordinary partnership characterization creates unlimited liability risk; KVHS licensing requirements are in structural conflict with DAO architecture. The current system positions DAOs either as "prohibited" or in "uncertain grey area."
Traditional A.Ş. and Ltd. structures are based on capital dominance, hierarchy, and centralized decision-making. DAO philosophy, by contrast, envisages distributed voting, open door, and contribution-based distribution similar to risturn. Law No. 1163 on Cooperatives is the closest existing tool to this philosophy; however, express provisions and Board opinions must be developed for blockchain and token integration.
Global trends—MiCA, PwC 2026 Report, Cayman CIMA Phase 2—point to the integration of crypto assets into the mainstream financial system. For Turkey to become a "compliant hub" rather than a "prohibitive fortress" in this process; recognition of innovative wrappers such as DAO LLC or Technology Cooperative and publication of clear compliance guides are essential. The integration of law into this new paradigm depends on the legislator's grasp of the autonomous nature of code and production of flexible norms that balance decentralized innovation with public order.
This guide has been prepared by Genesis Hukuk for the purpose of sharing knowledge in the field of blockchain and digital asset law. The content is for informational purposes only; it does not constitute legal advice.
