HomeTechGlobal Legal Group - International Comparative Legal Guide - Technology Sourcing 2024...

Global Legal Group – International Comparative Legal Guide – Technology Sourcing 2024 -Turkiye

Date:

Related stories

Turkiye’s employment index increased by 3 per cent in Q3 2024

Turkiye’s employment index, including industry,...

2,000 Turkey’s Given out at Turkey’s on the Table Distribution

SOUTH BEND, Ind. (WNDU) -Everyone deserves a nice warm,...

Coming soon: Mountain snow through the weekend and potential impacts to Thanksgiving travel

Falling away from Friday’s “slightly above normal” temperatures, a...
spot_imgspot_img


  • Procurement Processes





    1.1 Is the private sector procurement of technology
    products and services regulated? If so, what are the basic features
    of the applicable regulatory regime?
    No specific rules govern the procurement of technology
    products and services in the private sector. Thus, the general
    rules enshrined in the Turkish Code of Obligations
    (TCO) apply. Additionally, laws such as the
    Turkish Code of Commerce (TCC), the Law on
    Protection of Competition, and other relevant laws come into play
    when applicable. Furthermore, sector-specific regulations,
    including those in telecommunications, banking, electronic money
    and payment systems, e-commerce, and healthcare, must also be
    observed.

    One of the key principles accepted by the TCO is freedom of
    contract. This empowers private sector parties to decide on nearly
    every provision that governs their relationship, as long as both
    parties are private, or the relationship is deemed private as per
    the TCO.

    While the Law on Protection of Consumers could potentially apply to
    the procurement of technology-related products and services, we
    have excluded it from consideration, presuming that the context of
    this chapter primarily involves legal entities.

    1.2 Is the procurement of technology products and services
    by government or public sector bodies regulated? If so, what are
    the basic features of the applicable regulatory regime?

    Procuring technology products and services by government
    or public sector bodies is regulated by a complex legal framework,
    primarily consisting of the Public Procurement Law
    (PPL) and the Public Procurement Contracts Law,
    among others. These laws establish the foundational principles and
    procedures for tender processes conducted by public
    institutions.

    The Public Procurement Authority oversees compliance with these
    laws, issues guidance, and monitors transparency and fairness in
    procurement processes.

    The basic features of the applicable regulatory regime are as
    follows:

    • Procurement Methods: The PPL outlines
      procurement methods based on specific service requirements,
      technical needs, and fees. These methods include open tender,
      tender among specific bidders, negotiated tender, direct
      procurement, and design competitions.

    • Electronic Tendering: Electronic bid
      submissions are facilitated through the Electronic Public
      Procurement Platform, which has expanded notably during the
      COVID-19 pandemic, reducing physical contact and streamlining the
      procurement process.

    • Performance of Contract: Contracts for
      procuring goods and services are executed using standard contracts
      published in the Official Gazette. These contracts include standard
      provisions, including the scope of the procurement, nature and
      definition of the goods and services, pricing, taxes, delivery
      conditions, technical specifications, as well as penalty and
      termination clauses.

    • Objective Criteria: The PPL sets objective
      criteria (e.g., technical specifications, quality standards, price
      competitiveness) for selecting suppliers to ensure that they are
      treated equally and without discrimination.

    • Transparency and Competition: The regulatory
      framework promotes transparency, competition, reliability,
      confidentiality, and efficient use of resources to ensure fair and
      accountable procurement practices.

    • Ethical Standards: The PPL prohibits
      corruption and favouritism in procurement activities, with
      penalties for ethical breaches.



  • General Contracting Issues Applicable to the Procurement of
    Technology-Related Solutions and Services





    2.1 Does national law impose any minimum or maximum term
    for a contract for the supply of technology-related solutions and
    services?

    No, typically, national law does not specify a minimum or maximum
    contract term for supplying technology-related solutions and
    services. Contract terms are usually negotiated between parties,
    unless other laws apply.

    2.2 Does national law regulate the length of the notice
    period that is required to terminate a contract for the supply of
    technology-related services?

    No specific regulation mandates a notice period for
    terminating such contracts, but parties can determine a reasonable
    notice period with good faith principles. Specific regulations or
    industry practices may also influence the notice period. Similarly,
    certain regulations may impose requirements for specific
    contracts.

    According to the TCO, the parties may also terminate the contract
    without a notice period if (i) granting time to the debtor would be
    ineffective, (ii) the obligation becomes useless due to the
    debtor’s fault, or (iii) it is understood from the contract
    that the performance of the obligation will no longer be accepted
    due to non-performance at a specified time or within a specified
    period.

    2.3 Is there any overriding legal requirement under
    national law for a customer and/or supplier of technology-related
    solutions or services to act fairly according to some general test
    of fairness or good faith?

    Yes, the Turkish Civil Code (TCiC) explicitly
    states that everyone must act in good faith when exercising their
    rights and performing their obligations. However, there is no
    established test for fairness or reasonableness, as courts assess
    the good faith and honesty principle on a case-by-case basis.

    This principle extends not only to the performance of contractual
    obligations but also to pre-contractual negotiations and the
    termination of contracts.

    2.4 What remedies are available to a customer under general
    law if the supplier breaches the contract?

    The customer has several remedies available under the
    general law, specifically per the TCO. The customer may demand one
    or more of the following:

    • Compensation for damages.

    • Performance of the contract.

    • Compensation instead of performance.

    • Rescission of the contract.

    • Termination of the contract.



    The nature of the contract should be considered, as the TCO
    outlines specific conditions for certain contract types.

    2.5 What additional remedies or protections for a customer
    are typically included in a contract for the provision of
    technology-related solutions or services?

    Contracts typically include the following remedies and
    protections for customers:

    • Service level agreements (SLAs).

    • Warranty clauses.

    • Indemnifications.

    • Data protection and privacy clauses.

    • Intellectual property (IP) rights protection clauses.

    • Audit rights.

    • Penalty clauses.

    • Dispute resolution mechanisms.

    • Termination clauses.





    2.6 How can a party terminate a contract without giving
    rise to a claim for damages from the other party to the
    contract?

    A party can terminate the contract without raising damage claims
    under specific circumstances defined within the contract or
    governed by the TCO. Primary methods include:

    • Mutual agreement.

    • Fulfilment of contract terms.

    • Termination clauses.

    • Force majeure.

    • Impossibility of performance.

    • Special termination conditions are regulated under specific
      legislation.





    2.7 Can the parties exclude or agree additional termination
    rights?

    Yes, parties can agree to include or exclude specific termination
    rights, as long as these do not contravene mandatory legal
    provisions.

    2.8 To what extent can a contracting party limit or exclude
    its liability under national law?

    Under the TCO, parties can limit liabilities for slight
    negligence through a prior agreement but cannot limit or exclude
    liabilities for gross negligence or wilful misconduct. Liabilities
    for their assistants’ actions can also be limited or excluded.
    However, if the service requires special knowledge, profession, or
    licence, the supplier cannot limit or exclude its liability, even
    for slight negligence or their assistants’ actions.

    2.9 Are the parties free to agree a financial cap on their
    respective liabilities under the contract?

    Yes, parties can set a financial cap on their
    liabilities, subject to limitations on liability (please see the
    answer to question 2.8).

    2.10 Do any of the general principles identified in your
    responses to questions 2.1–2.9 above vary or not apply to any
    of the following types of technology procurement contract: (a)
    software licensing contracts; (b) cloud computing contracts; (c)
    outsourcing contracts; (d) contracts for the procurement of
    AI-based or machine learning solutions; or (e) contracts for the
    procurement of blockchain-based solutions?

    The general principles apply to all technology
    procurement contracts, except where specific laws provide
    otherwise.

    For instance, these contracts may be subject to specific
    regulations, particularly regarding IP rights (please see the
    answer to question 4.1).



  • Dispute Resolution Procedures





    3.1 What are the main methods of dispute resolution used
    in contracts for the procurement of technology solutions and
    services?

    Several methods are commonly used for dispute resolution in these
    contracts, including:

    • Negotiation.

    • Mediation.

    • Arbitration.

    • Litigation.





    Some of these methods may be mandatory as per the applicable
    legislation. For instance, in commercial cases involving monetary
    claims, it is a prerequisite to engage in mediation before
    initiating legal proceedings.



  • Intellectual Property Rights





    4.1 How are the intellectual property rights of each party
    typically protected in a technology sourcing transaction?
    From an IP perspective, two laws are relevant: the Law on
    Intellectual and Artistic Works (LIAW); and the
    Industrial Property Law (IPL). Meeting their
    conditions enables protection through either copyrights or
    industrial property rights. For the LIAW copyright protection,
    assets subject to technology sourcing transactions must be
    considered intellectual products reflecting author characteristics
    (e.g., computer programs). These assets may also be protected by
    industrial rights related to patents, trademarks, designs, and
    utility models under the IPL, providing a comprehensive framework
    for their protection. In practice, the most effective way to
    protect IP rights is to clearly define ownership and assignment
    terms within the contract and include provisions for
    confidentiality, non-disclosure, non-compete agreements, and
    indemnifications.

    4.2 Are there any formalities which must be complied with
    in order to assign the ownership of Intellectual Property
    Rights?

    Yes. According to the LIAW, the assignment of material
    rights or their use must be formalised through a written agreement.
    The agreement must detail the rights transferred, their scope,
    limitations, and duration. Failure to meet these formalities could
    render the assignment invalid or unenforceable. While registration
    of copyright assignments is not mandatory, it is advisable to
    register them with the Ministry of Culture and Tourism for public
    notice and additional legal substantiation.

    Under the IPL, industrial rights can be assigned through a written
    agreement to be notarised by a public notary. Although notary
    certification is sufficient for the agreement’s establishment
    between the parties, registration with the Turkish Patent and
    Trademark Office (TurkPatent) is necessary for
    effectiveness against third parties.

    4.3 Are know-how, trade secrets and other business critical
    confidential information protected by national law?

    Know-how and trade secrets are not explicitly defined by statutes
    but are recognised by their confidentiality, economic value, and
    protective measures. While sector-specific regulations exist to
    safeguard critical confidential information, there’s no single
    law governing them. Protection relies on a combination of
    commercial, contractual, and criminal laws.

    The Turkish Criminal Code (TCrC) imposes
    imprisonment and judicial fines for disclosing commercial secrets
    obtained through one’s title, duty, occupation, or profession,
    though this provision is rarely applied.

    Unauthorised use of know-how, trade secrets, or confidential
    information may also constitute unfair competition under the TCC,
    allowing the aggrieved party to seek compensation and prevent
    unfair actions. The TCC also penalises unfair competition with
    imprisonment or judicial fines; these penalties, however, are
    rarely applied.

    Furthermore, the TCO mandates employee loyalty, prohibiting them
    from disclosing or using their employer’s trade secrets during
    and after employment.

    Typically, companies reinforce these protections with robust
    contractual agreements like non-disclosure agreements, non-compete
    agreements, and confidentiality clauses.



  • Data Protection and Information Security





    5.1 Is the manner in which personal data can be processed
    in the context of a technology services contract regulated by
    national law?
    The Turkish Data Protection Law (DPL) is
    the primary legal framework regulating the procedures and
    principles of processing personal data. While no specific law
    exclusively governs personal data processing within technology
    services contracts, the DPL’s general principles and
    obligations, along with relevant sector-specific regulations,
    provide a robust framework for such activities.

    Additionally, sector-specific regulations and guidelines issued by
    the Personal Data Protection Authority (DPA) may
    impact how personal data is handled in technology services. For
    instance, Guidelines on Cookie Practices, Guidelines on Personal
    Data Security, and Recommendations for Protecting Privacy in Mobile
    Applications would be relevant to technology services involving
    online activities.

    5.2 Can personal data be transferred outside the
    jurisdiction? If so, what legal formalities need to be
    followed?

    Yes,1 the provisions governing personal data
    transfer abroad were recently amended to align with the General
    Data Protection Regulation. The new system categorises transfers
    into three levels:

    1. adequacy decisions;

    2. appropriate safeguards; and

    3. occasional causes.





    The DPA can now issue these decisions for international
    organisations, specific sectors, and countries. If no adequacy
    decision exists, appropriate safeguards must be implemented,
    ensuring data subjects can exercise their rights and access legal
    remedies. Appropriate safeguards include:

    • agreements between public institutions, subject to DPA
      approval;

    • binding corporate rules, subject to the DPA approval;

    • standard contractual clauses, with notification to the DPA;
      and

    • written undertakings providing adequate protection, subject to
      the DPA approval.



    If there is no adequacy decision or appropriate safeguard, data
    transfers can only occur if the transfer is occasional and specific
    conditions are met. These include, for example, explicit consent
    from the data subject, the necessity for contract performance, or
    an overriding public interest.

    These regulations also apply to onward transfers by controllers or
    processors.

    5.3 Are there any legal and/or regulatory requirements
    concerning information security?

    Yes, several legal and regulatory requirements under
    Turkish law address information security. The primary regulation is
    the DPL, which focuses on safeguarding personal data and outlines
    principles and regulations governing its processing and protection,
    including provisions dedicated to information security.

    Criminalisation of activities like unlawful recording, disclosure,
    or obtention of personal data, as well as failure to destroy data
    within specified deadlines set by the laws, falls under the TCrC,
    alongside cybercrimes like hacking, data theft, and cyber
    extortion.

    Various additional regulations, directives, and industry-specific
    guidelines complement the DPL in addressing specific information
    security concerns. These legislative measures collectively aim to
    strengthen information security, protect privacy rights, and foster
    trust in data handling practices.

    The Law on Electronic Communication emphasised information
    security, providing a framework for network security, communication
    confidentiality, and personal data protection. Secondary
    legislation further elaborates on these matters, such as the Decree
    on Information and Communication Security Measures No. 2019/12
    (Presidential Decree), which mandates specific
    security measures for public institutions and operators providing
    critical infrastructure services.

    Additionally, the Law on Regulation of Publications via the
    Internet and Combating Crimes Committed by Means of Such
    Publications outlines obligations and responsibilities for various
    entities, including content providers, hosting providers, and
    internet service providers, to combat internet-based crimes.

    Banking and payment regulations outline specific requirements as
    well.

    Türkiye’s 12th Development Plan outlines the framework for
    enhancing cybersecurity across all sectors in Türkiye, aiming
    to protect critical infrastructure and national security interests
    from cyber threats.

    Though not legally mandated, obtaining ISO/IEC 27001 certification
    is also widely recognised as a standard for information security
    management systems.



  • Employment Law



    6.1 Can employees be transferred by operation of law in
    connection with an outsourcing transaction or other contract for
    the provision of technology-related services and, if so, on what
    terms would the transfer take place?
    The transfer of employees in outsourcing or technology
    service contracts is primarily governed by the Turkish Labor Law
    (TLL) and the TCO.

    The TLL doesn’t directly regulate the transfer of employment
    contracts, but rather the transfer of a workplace or part thereof
    (e.g., sale or rent of a workplace). In such cases, all rights and
    obligations from the employment contract are automatically
    transferred to the new owner. The transfer itself does not justify
    termination; valid reasons (e.g., economic, technological, or
    organisational changes) or justified causes are required per the
    TLL. The transferor and transferee are jointly liable for employee
    obligations for two years post-transfer.

    The TCO contains a provision specific to employment contract
    transfers. Accordingly, employment contracts can be transferred
    with the employee’s written consent, making the transferee the
    new employer with all associated rights and obligations.

    Even without a transfer, outsourcing relationships where
    subcontractors employ workers for another employer’s auxiliary
    tasks may result in joint responsibility for compliance with the
    TLL and employment contracts.

    6.2 What employee information should the parties provide to
    each other?

    Turkish law doesn’t mandate specific information sharing during
    business transfers. In practice, the transferor provides the
    transferee with information kept in accordance with the TLL, which
    typically includes employees’ personal files. This is crucial
    because the transaction involves transferring all associated rights
    and obligations of the employee.

    Since main employers are also accountable in subcontracting
    relationships, they usually request guarantees and details
    regarding wages and social security contributions made by
    subcontractors for employees.

    6.3 Is a customer or service provider allowed to dismiss an
    employee for a reason connected with the outsourcing or other
    services contract?

    Neither the customer nor the supplier is entitled to
    terminate an employment contract solely on the grounds of the
    transfer of a contract. However, their right to terminate the
    contract based on valid or justified grounds as per the TLL (please
    see question 6.1) remains unaffected.

    Furthermore, contractual clauses may allow the customer to request
    changes in the employee(s) assigned by the supplier. Such a request
    doesn’t automatically lead to the termination of the
    employee’s contract, provided that the supplier retains the
    right to termination on the grounds provided by the TLL.

    6.4 Is a service provider allowed to harmonise the
    employment terms of a transferring employee with those of its
    existing workforce?

    No specific regulations prohibit the new employer from proposing
    changes to employment terms. However, material changes that
    diminish the rights or benefits of transferred employees require
    their consent.

    The TLL emphasises equal treatment, ensuring no discrimination or
    unfair treatment of transferred employees compared to the existing
    workforce. Therefore, it is possible to harmonise non-material
    general working conditions with the existing workforce.

    If an employer, party to a collective bargaining agreement
    (CBA), acquires a workplace that does not have its
    own CBA, the rights and obligations under the CBA apply to the
    transferred workplace. This implies that the CBA of the acquiring
    employer extends to include the new employees.

    6.5 Are there any pensions considerations?

    The new employer is responsible for registering
    transferred employees on its payroll and paying social security
    premiums to the Turkish Social Security Institution. Additionally,
    if the former employer provides a pension scheme for transferred
    employees, the new employer is required to maintain this
    scheme.

    6.6 Are there any employee transfer considerations in
    connection with an offshore outsourcing?

    The TLL does not specifically regulate offshore
    outsourcing, but the Turkish International Private and Civil
    Procedure Law applies. Parties can choose the applicable law for
    cross-border employment contracts, but this choice must not deprive
    employees of the TLL protections.

    Additionally, parties can agree on a forum selection clause, though
    Turkish courts may still assert jurisdiction if the employee
    habitually works in Türkiye or to protect the employee’s
    rights.



  • Outsourcing of Technology Services



    7.1 Are there any national laws or regulations that
    specifically regulate outsourcing transactions, either generally or
    in relation to particular industry sectors (such as, for example,
    the financial services sector)?
    There is no specific law regulating outsourcing
    transactions, but general provisions from the TCO, TCC, and TCiC
    apply, depending on the transaction type (please see question 1.1
    and Section 2). Sector-specific regulations also cover outsourcing
    transactions:

    • Banking: Banks can outsource support services
      under certain conditions, such as risk management plans and
      specific contract provisions, as per the Regulation on the
      Procurement of Support Services by Banks. Services like catering,
      transportation, and consulting are exempt.

    • Insurance: Insurance and pension companies can
      outsource support services under the Regulation on Insurance
      Support Services, provided they meet supplier qualifications and
      submit a risk report to the Insurance Information and Monitoring
      Center. Services like consulting and advertising are exempt.

    • Capital Markets: Institutions and public
      companies under the Capital Market Law can outsource information
      systems services if they establish a monitoring structure, prepare
      a technical qualification report, and execute a written contract as
      per the Communiqué on Management of Information
      Systems.

    • Payment and Electronic Money Services: Payment
      and electronic money institutions can outsource services as per the
      Regulation on Payment Services, Electronic Money Issuance and
      Payment Services Providers, provided they specify the service scope
      in a written contract and comply with regulatory obligations.
      Services like consulting and advertising are exempt.

    • Payment and Securities Settlement Systems:
      System operators can outsource information system services after
      informing the Central Bank of the Republic of Türkiye and
      taking the necessary measures as per the Regulation on Activities
      of Payment and Securities Settlement Systems.





    7.2 What are the most common types of legal or contractual
    structure used for an outsourcing transaction?

    Although Turkish law does not prescribe specific structures, in
    practice, several common legal or contractual frameworks are
    utilised:

    • Direct Outsourcing: The supplier works
      post-contract with the customer.

    • Indirect Outsourcing: The supplier
      subcontracts post-customer contracts.

    • Multi Outsourcing: The customer contracts
      several suppliers for different work parts.

    • Joint Venture: The customer and supplier form
      a joint venture for outsourcing.



    Additionally, technology services-related agreements often involve
    various arrangements such as IP licences, SLAs, master services
    agreements, software-as-a-service agreements, and outsourcing
    framework agreements.

    7.3 What is the usual approach with regard to service
    levels and service credits in a technology outsourcing
    agreement?

    Technology outsourcing agreements typically include detailed SLAs
    to ensure service quality. SLAs specify performance metrics like
    uptime, response times, resolution times, and targets or
    benchmarks. Penalty clauses and termination provisions are often
    incorporated to address SLA breaches.

    While service credit mechanisms are less common, they can sometimes
    be found in agreements influenced by US contracts.

    7.4 What are the most common charging methods used in a
    technology outsourcing transaction?

    The most common charging methods are as follows:

    • Interim payment or per piece: Payment upon
      completion of stages or delivery of goods and services.

    • Hourly/daily fee: Payment based on man/hours
      or man/ days.

    • Retainer fee: Fixed periodic payments.

    • Lump-sum payment: One-time fixed payment.



    The choice of method depends on factors like the nature of
    services, complexity, and the parties’ preferences.

    7.5 What formalities are required to transfer third-party
    contracts to a service provider as part of an outsourcing
    transaction?

    According to the TCO, transferring a contract requires the
    agreement of the transferor, transferee, and the remaining party,
    making the remaining party’s approval essential. In practice,
    terms regarding contract transfers are often outlined in the main
    contract.

    Additionally, specific registration and announcement requirements
    must be fulfilled for business transfers to limit the
    transferor’s responsibility.

    7.6 What are the key tax issues that can arise in the
    context of an outsourcing transaction?

    Several key tax issues may impact both the service provider and the
    customer. These include:

    • Stamp
      Duty
      : Applies to written contracts, with certain
      exemptions. For a standard service contract, the rate is 0.948% of
      the contract amount levied for each counterpart. The maximum stamp
      duty for 2024 is TRY 17,006,516.30.

    • Value-Added Tax
      (VAT)
      : Applies to service fees paid by the customer to the
      supplier, unless exempted. VAT rates range between 1% and 20%,
      depending on the type of service provided.

    • Corporate
      Income Tax
      : Companies headquartered in Türkiye (full
      liability taxpayers) pay tax on global income, while those
      headquartered outside Türkiye (limited liability taxpayers)
      pay tax only on Türkiye-sourced income. The general corporate
      tax rate was increased to 25% for 2024.

    • Withholding
      Tax
      : Professional service and royalty payments to
      non-residents are subject to a 20% withholding tax, potentially
      reduced by double taxation treaties.



  • Software Licensing (On-Premise)



    8.1 What are the key issues for a customer to consider when
    licensing software for installation and use on its own systems
    (on-premise solutions)?

    Key issues to be considered are as follows:

    • Licensing Model and Pricing: Ensure the
      licensing model aligns with the customer’s budget and usage
      requirements.

    • Licence Scope and Terms & Conditions:
      Determine whether the licence covers the customer’s needs
      without over or under licensing. Reviewing the licence to
      understand rights, obligations, usage restrictions, renewal terms,
      and termination clauses is crucial.

    • Data Security and Privacy: Ensure the software
      meets the necessary administrative and technical measures as per
      the DPL and relevant legislation.

    • IP Rights: Verify that the software adheres to
      IP rights and licensing agreements.

    • Maintenance and Support: Assess the
      availability, cost, and quality of maintenance and support
      services, including response times and SLAs.

    • Training and Documentation: Ensure adequate
      training and documentation are provided for users and
      administrators to use and manage the software effectively.

    • Backup and Disaster Recovery: Verify that the
      service provider has robust backup and disaster recovery procedures
      in place to minimise downtime and data loss.

    • Migration of Data: Develop a plan for data
      migration, software removal, and transitioning to alternative
      solutions.



    8.2 What are the key issues to consider when procuring
    support and maintenance services for software installed on customer
    systems?


    Key issues to be considered are as follows:

    • Compatibility and Integration: Ensure that the
      service provider’s services align with the customer’s
      existing systems, infrastructure, and software environment.

    • Service Agreement Scope and Terms &
      Conditions
      : Ensure a clear description of the services,
      including software updates, bug fixes, troubleshooting,
      configuration assistance, and technical guidance. Ensuring that the
      agreement addresses the rights and obligations of both parties,
      including SLAs, uptime requirements, and mechanisms for enforcing
      obligations (e.g., penalties or termination rights in cases of
      breaches), is crucial.

    • Data Security and Privacy: Implement measures
      to ensure compliance with the DPL and relevant legislation,
      including defining data access, handling, and confidentiality
      protocols.

    • IP Rights: Clarify the ownership of data and
      IP rights.

    • Maintenance and Support: Ensure that the
      support and maintenance services are provided for an adequate
      duration with reasonable renewal options.

    • Backup and Disaster Recovery: Verify that the
      service provider has robust backup and disaster recovery procedures
      in place to minimise downtime and data loss.

    • Training and Documentation: Ensure adequate
      training and documentation are provided for users and
      administrators to use and manage the software effectively and
      determine the extent of customer support to be provided. Migration
      of Data: Develop a plan for data migration, software removal, and
      transitioning to alternative solutions.





    8.3 Are software escrow arrangements commonly used in your
    jurisdiction?
    Are they enforceable in the case of the insolvency of the
    licensor/vendor of the software? While software escrow arrangements
    are not yet widespread in Türkiye, they are gaining traction
    as a risk mitigation strategy for software licensees. These
    arrangements are generally enforceable, provided they are
    well-drafted and comply with the TCO.



  • Cloud Computing Services



    9.1 Are there any national laws or regulations that
    specifically regulate the procurement of cloud computing
    services?

    Türkiye lacks a single national law for cloud computing
    services, but various regulations apply, including those on
    banking, payment services, data protection, and cybersecurity,
    which may impose specific conditions or restrictions on cloud
    service procurement and use.

    For instance, the Presidential Decree prohibits public institutions
    from using cloud services unless within their private systems or by
    local providers under their supervision.

    Additionally, the DPA addresses cloud services in its guidelines
    (e.g., Guidelines on Personal Data Security), emphasising the
    measures to be taken when using cloud storage, such as the use of
    cryptographic methods for transfers.

    9.2 How widely are cloud computing solutions being adopted
    in your jurisdiction?

    Cloud computing adoption is on the rise, driven by the
    need for digital transformation, cost efficiency, and scalability.
    Various sectors, including financial services, telecommunications,
    healthcare, retail, and the public sector, are leveraging cloud
    technologies to enhance their operations.

    9.3 What are the key legal issues to consider when
    procuring cloud computing services?

    When procuring cloud computing services, it’s
    important to consider the general key issues outlined for procuring
    support and maintenance services and the data transfer abroad rules
    since most cloud computing services host their servers outside of
    Türkiye (please see questions 8.1, 8.2, and 5.2).
    Additionally, sector-specific regulations may impose specific
    restrictions and requirements.



  • 10 AI and Machine Learning



    10.1 Are there any national laws or regulations that
    specifically regulate the procurement or use of AI-based solutions
    or technologies?
    Türkiye lacks specific laws for the procurement or
    use of AI-based solutions. However, on 25 June 2024 a Draft Bill on
    Artificial Intelligence (AI Draft Bill) was
    submitted to the Turkish Grand National Assembly. This AI Draft
    Bill aims to ensure secure, ethical, and fair use of AI
    technologies.

    Even though it is unlikely to be approved, the AI Draft Bill is
    significant as it represents the first effort to regulate this
    field. On the other hand, existing laws, including the LIAW, IPL,
    DPL and other sector-specific regulations may apply for the
    procurement or use of AI-based solutions or technologies. While not
    legally binding, ethical guidelines and standards for AI
    development and deployment also offer valuable guidance.

    10.2 How is the data used to train machine learning-based
    systems dealt with legally? Is it possible to legally own such
    data? Can it be licensed contractually?

    Given Türkiye’s absence of specific AI regulations,
    various laws may be applied to address ownership and licensing
    issues related to training data for machine learning systems. The
    DPL, LIAW, IPL, and TCC are particularly relevant.

    • DPL: The DPL governs the use of data in
      training machine learning-based systems, focusing on personal data
      protection. However, challenges arise regarding data subject
      rights, data minimisation, purpose limitation, and automated
      decision-making (ADM) processes. Under the DPL,
      data subjects have the right to object to decisions against them
      based solely on automated processing. However, the scope of this
      provision is unclear, and the lack of obligations to inform data
      subjects about ADM processes leads to transparency issues.
      Complying with principles like data minimisation and purpose
      limitation in AI usage is also complex due to the widespread use of
      personal data in training sets, often collected from sources like
      web scraping and data brokers. The methods used to collect data,
      especially in generative AI, make it difficult to trace data back
      to its subject, complicating compliance with data subject
      rights.

    • LIAW: AI models based on computer programs are
      considered intellectual products under the LIAW and enjoy copyright
      protection. For training data to be protected by copyright, it must
      be deemed an intellectual product that bears the characteristics of
      the author.

    • IPL: Inventions can be patented as per the IPL
      if they meet the criteria of (i) novelty in all fields of
      technology, (ii) reaching an inventive level, and (iii) industrial
      applicability. Alternatively, they can be protected as utility
      models if they meet these criteria but have not reached an
      inventive level. If a product enjoys patent or utility model
      protection (please see questions 4.1 and 4.2), in order to use such
      a product’s technology and/or components as training data,
      proper licences should be obtained to avoid infringement as per the
      IPL. Furthermore, training data meeting criteria of novelty and
      distinctive characteristics may be protected as designs, while
      input or training data registered as trademarks may be protected as
      trademarks under the IPL. Trademarks and designs can be licensed as
      well.

    • TCC: If components, including training data,
      do not meet the criteria for copyright or other IP protection, they
      may still enjoy protection against unfair competition under the
      TCC.





    10.3 Who owns the intellectual property rights to
    algorithms that are improved or developed by machine learning
    techniques without the involvement of a human programmer?
    Since no specific legislation directly addresses
    AI-generated works, other applicable laws can be implemented.

    Typically, algorithms are protected under the LIAW as
    “copyrighted material”. However, like most jurisdictions,
    the LIAW traditionally requires human authorship for copyrightable
    works. Algorithms can be patented as well if they meet the required
    criteria as per the IPL (please see question 10.2). However, the
    patent’s owner must be a natural or legal person. Hence, the
    ownership of algorithms developed by machine-learning techniques
    without human involvement is a complex issue.


  • Blockchain

    11.1 Are there any national laws or regulations that
    specifically regulate the procurement of blockchain-based
    solutions?

    There are no specific national laws or regulations that
    exclusively govern the procurement or use of blockchain-based
    solutions. However, several existing laws and regulations
    indirectly affect blockchain technology and its applications by
    giving references to crypto assets, particularly in areas such as
    finance.

    The Turkish Central Bank issued the Directive on Crypto-Assets Not
    to Be Used in Payments, which for the first time defined
    “crypto-assets” in Turkish law. The use of crypto-assets
    as an instrument of payment and the provision of services using
    crypto-assets in payments in a direct or indirect manner were
    prohibited by this directive.

    The Law on Amendments to the Capital Markets Law (CM Law
    Amendments
    ) was published in the official gazette on 2
    July 2024 and entered into force immediately. The CM Law Amendments
    introduce new definitions and concepts including cryptocurrency,
    trading platforms, custody services, and service providers. They
    also establish certain obligations for supervising platforms and
    service providers, along with sanctions for non-compliance.

    11.2 In which industry sectors in your jurisdiction are
    blockchain-based technologies being most widely adopted?

    In recent years, blockchain-based technologies have
    gained traction in various sectors, especially finance, banking,
    entertainment, and gaming. Despite regulatory restrictions on using
    cryptocurrencies for payments, blockchain technology is being used
    for financial applications such as trading platforms, digital asset
    management, and tokenization of assets.

    11.3 What are the key legal issues to consider when
    procuring blockchain-based technology?

    Despite the developments regarding the introduction of
    regulations regarding crypto assets (e.g., CM Law Amendments), the
    procurement of blockchain-based technology remains unregulated
    under Turkish Law. Consequently, it is crucial to carefully observe
    existing laws and regulations that indirectly impact
    blockchain-based technology (please see question 11.1).

  • 1. Infographic on the Amendments to Turkish Data Protection Law,
    Yazıcıoğlu Legal, March 12, 2024,
    https://yazicioglulegal.com/publications/infographic-on-the-amendments-to-turkish-data-protection-law-updated-12-march-24/84

    Originally published by ICLG.

    The content of this article is intended to provide a general
    guide to the subject matter. Specialist advice should be sought
    about your specific circumstances.

    - Never miss a story with notifications

    - Gain full access to our premium content

    - Browse free from up to 5 devices at once

    Latest stories

    spot_img