Turkey's cryptocurrency regulation enters a critical phase: March 31 becomes the compliance deadline

Source: BTCHaber Original Title: Critical Turn in Turkey’s Crypto Regulations: Deadline March 31 Original Link: Service providers offering crypto asset services within Turkey have entered a critical period to ensure uninterrupted operations. Platforms must sign contracts with custodial institutions and comply with the information system and technical infrastructure standards issued by TÜBİTAK(Turkey’s National Scientific Research Council), with a deadline of March 31, 2026.

Secondary regulations issued by the Capital Markets Board of Turkey(SPK) in March 2025 regulate the operational procedures and principles for crypto asset service providers(KVHS), known publicly as the “Crypto Law.” KVHS is now in a crucial stage of compliance adjustment.

SPK requires crypto asset platforms to sign contracts with at least one custodial institution when applying for operational licenses, and to meet TÜBİTAK KVHS information system and technical infrastructure standards by March 31, 2026.

Contracts with custodial institutions must be signed before March 31, 2026

In the “Principles for Establishment and Operation of Crypto Asset Service Providers” notice published on March 13, SPK states that institutions completing their license applications by June 30 must sign contracts with at least one custodial institution by the end of December 2025, and provide necessary technical processes and integration within the custodial system framework. This decision was extended in the principles decision published on December 4 to March 31, 2026. With the start of the first quarter of the new year, the key process of aligning with the custodial standards set by regulators has also begun.

According to regulations, crypto asset trading platforms must sign custodial agreements with custodial institutions and submit these agreements to the Capital Markets Board by March 31, 2026.

TÜBİTAK infrastructure standards compliance deadline is March 31

The compliance deadline for TÜBİTAK’s KVHS information system and technical infrastructure standards is March 31, 2026. The mandatory cooperation standards for crypto asset service providers with Turkish custodial institutions include requirements that “main systems and auxiliary(backup)systems used within the scope of initialization and backup, including security hardware and software, servers, etc., will be located within Turkey.”

Abdulkadir Kahraman, General Manager of Paribu Crypto Asset Custody, commented on this issue, stating that Turkey’s crypto regulation takes a fairly clear approach to crypto custody, equating it with control of private keys. The regulation explicitly states that wallet keys and the software and servers managing these keys cannot be transferred outside Turkey. Additionally, custodial technology providers must meet TÜBİTAK standards. Regulators aim to be able to access institutions responsible for custody of user assets when necessary, establishing a legitimate dialogue partner. In other words, merely obtaining crypto custody technology services will no longer be sufficient from March 2026. The current operational model of crypto platforms in Turkey will be considered non-compliant with TÜBİTAK regulations after March 2026.

“Paribu Custody is ready to provide services with proprietary technology”

Abdulkadir Kahraman, General Manager of Paribu Crypto Asset Custody, emphasized the importance of compliance with TÜBİTAK standards and key storage locations after March 31, summarizing his view as follows:

“Paribu Custody was announced in 2024 and is Turkey’s first and only provider to develop its own technology for digital asset custody. The multi-layer security architecture ColdShield® developed by Paribu Custody combines HSM, SGX, and MPC technologies to provide security and governance capabilities aligned with TÜBİTAK infrastructure standards. We invite all crypto asset service providers who wish to reduce risks during compliance and are ready to act to contact Paribu Custody.”

TÜBİTAK standards specify KVHS technical infrastructure in detail

TÜBİTAK’s infrastructure standards aim to strengthen wallet security in crypto asset custody services and ensure Turkey’s digital sovereignty in the crypto space. The standards published in May require cold wallets to be completely offline, hot wallet private keys to be protected within secure hardware or environments, and key management to be handled solely by relevant KVHS.

Transfer transactions must use multi-signature systems and threshold cryptography, with authorized users requiring multi-factor authentication, and all transactions must be recorded in an auditable manner. The standards also specify that information security policies should be formulated under senior management supervision, and operational details such as address definitions, key ownership, and transfer limits should be governed by clear policies.