Turkey's ETK, KVKK and IYS for email
Turkey requires prior consent (onay) to send commercial electronic messages to consumers, allows B2B sends to merchants and traders without consent, and routes consent and opt-outs through a central government registry, the IYS. Unsubscribe must be honored within 3 business days. The ETK obligations below come from the official law text; the KVKK data-protection layer is flagged where we could not verify it.
Last checked: June 21, 2026
Turkey governs commercial email through the ETK (Elektronik Ticaretin Düzenlenmesi Hakkında Kanun, Law No. 6563 on the Regulation of Electronic Commerce), backed by the KVKK data-protection law (No. 6698) and operated through a central government consent registry, the IYS (İleti Yönetim Sistemi - Message Management System). Two features set Turkey apart from the Western regimes: an explicit opt-out track for B2B, and a state-run registry where consents and opt-outs must be recorded.
This is general information, not legal advice. Consult Turkish counsel for your situation. Sourcing note: the ETK obligations below are drawn from the official law text; the KVKK regulator and IYS sites were not reachable for content extraction during research, so KVKK-specific points are flagged and unverified items are not stated as fact.
The 60-second version
- B2C is opt-in. Commercial electronic messages need prior consent (onay) (ETK Art. 6(1)).
- B2B is opt-out. Messages may be sent to merchants and traders (esnaf ve tacir) without prior consent (Art. 6(2)).
- A transactional carve-out applies where the recipient gave their contact details for that communication (Art. 6(1)).
- Consents must be registered in the IYS platform; consents not uploaded are invalid, and opt-outs are exercised through IYS (Art. 11(5)).
- Messages must identify the service provider and match the consent obtained (Arts. 5, 7).
- Recipients can refuse at any time, free of charge; you must stop within 3 business days (Art. 8).
- ETK fines are defined in Art. 12 (stated below). The KVKK layer and its fines are flagged - we did not verify them from a primary source.
Consent model (ETK Art. 6)
| Audience | Rule | Reference |
|---|---|---|
| Consumers (B2C) | Opt-in. Commercial electronic messages may only be sent with prior consent (onay); consent may be obtained in writing or by any electronic means. | Art. 6(1) |
| Merchants and traders (B2B) | Opt-out. Messages may be sent without prior consent - “Esnaf ve tacirlere önceden onay alınmaksızın ticari elektronik iletiler gönderilebilir.” | Art. 6(2) |
| Transactional / requested contact | Where the recipient provided contact details for the purpose of that communication (e.g., to receive service or maintenance information about goods they bought), separate consent is not required for related messages. | Art. 6(1) |
This B2B/B2C split resembles the UK’s corporate-body distinction, but Turkey draws the line at merchants and traders specifically.
The IYS consent registry (Art. 11(5))
Turkey’s distinctive mechanism is the IYS - a central, government-authorised electronic system for obtaining consents and exercising opt-outs for commercial electronic messages. From the law text:
- The Ministry of Trade is authorised to establish (or have established) the electronic system - this became the IYS platform.
- Consents obtained must be uploaded to IYS within the timeframe set by the Ministry; consents not uploaded are deemed invalid.
- Recipients have a Ministry-set window to review their registered consents; after that window, messages are treated as consented.
- The refusal/opt-out right is exercised through the IYS platform.
In effect, the consent record is not just your internal log - it must live in a national registry, and an unregistered consent does not count.
The IYS platform site was not reachable during research. The points above are from the ETK law text (Art. 11(5)); operational timeframes are set by Ministry of Trade secondary legislation, which should be checked directly.
Sender identification (ETK Arts. 5, 7)
| Requirement | Detail | Reference |
|---|---|---|
| Identify the service provider | The message must include information identifying the service provider (name/business) and contact information (phone, fax, SMS number, email) appropriate to the type of communication. | Art. 7(2) |
| Identify the commercial communication | The commercial communication, and the real or legal person on whose behalf it is made, must be clearly identifiable. | Art. 5(1)(a) |
| Match the consent | Message content must conform to the consent obtained. | Art. 7(1) |
Unsubscribe / opt-out (ETK Art. 8)
| Requirement | Detail | Reference |
|---|---|---|
| Right to refuse | Recipients can refuse to receive commercial electronic messages at any time, without giving any reason. | Art. 8(1) |
| Mechanism | The service provider must make refusal easy and free of charge by electronic means, and must include the necessary how-to information in every message. | Art. 8(2) |
| Timeframe | The provider must stop sending within 3 business days of receiving the request - “Talebin ulaşmasını müteakip hizmet sağlayıcı üç iş günü içinde alıcıya elektronik ileti göndermeyi durdurur.” | Art. 8(3) |
3 business days is the shortest honor window of any regime in this library.
Penalties (ETK Art. 12)
These come directly from the official law text and are stated as verified base amounts:
| Violation | Fine range |
|---|---|
| Sending without consent (Art. 6(1)) - single recipient | 1,000-5,000 TRY |
| Sending to multiple recipients in violation of Art. 6(1) | The base fine multiplied up to 10x |
| Opt-out-mechanism failures (Art. 8(2)-(3)) and other violations | 2,000-15,000 TRY |
| Annual cap | Total fines per calendar year capped at 500,000,000 TRY for service providers below the statutory monetary threshold (Art. Ek 2(4)) |
Inflation adjustment, flagged: the ETK states these base amounts are adjusted for inflation annually. The 2026 applicable figures were not in the portion of the law text extracted during research, so the amounts above are the base figures. Confirm the current-year amounts against the official law text before relying on them.
The KVKK layer (flagged - not verified from a primary source)
Processing email addresses for marketing also implicates Turkey’s personal-data law, the KVKK (No. 6698), which requires a lawful basis for processing (consent is the common basis for marketing) and is enforced by the Personal Data Protection Board (Kişisel Verileri Koruma Kurulu), which can impose administrative fines.
The KVKK regulator site returned navigation-only content and we could not extract its email-marketing guidance or its fine amounts from a primary source. We therefore do not state KVKK penalty figures and treat the KVKK-specific obligations as unverified pending a reachable primary source. Plan for a KVKK lawful-basis analysis in addition to ETK compliance, and confirm the specifics with Turkish counsel.
Common confusion
- “B2B is opt-in like the EU.” In Turkey, sends to merchants and traders are opt-out under Art. 6(2).
- “My internal consent log is enough.” Consents must be registered in IYS; unregistered consent is invalid under Art. 11(5).
- “I have a few days like the US.” Turkey gives you 3 business days to stop after an opt-out.
- “The fines I read are this year’s.” The base figures are inflation-adjusted annually; verify the 2026 amounts in the official text.
What Egressif does, and what stays with you
Egressif provides the sending mechanics ETK measures: authenticated, identifiable sending (SPF/DKIM/DMARC so the service provider behind a message is clear), an easy free unsubscribe, suppression on receipt so an opt-out is honored well inside the 3-business-day window, and durable records of consent and unsubscribe events. What stays with you is everything Turkey routes through its own systems and counsel: registering consents in the IYS (an obligation that runs to a national platform, not to us), confirming a recipient’s B2B/B2C status, the KVKK lawful-basis analysis, and verifying the current-year fine amounts. We make your handling provable; we do not register your consents in IYS or supply your KVKK basis.
Related references
- Email marketing laws by country (2026) - Anti-spam laws look alike until you sort them by consent. The US (and, for B2B, Turkey) let you mail first and honor opt-outs; Canada, the UK, the EU, and Australia want permission before the first message. This page lines all six up on consent, sender identity, unsubscribe timeframe, who enforces, and the penalties we could verify.
- CAN-SPAM Act: what US email law requires - CAN-SPAM is an opt-out law: you may email someone who never asked, as long as the message is honest, names you, carries a physical address, and offers an unsubscribe you honor within 10 business days. There is no B2B exemption, and each non-compliant email is a separate violation.
- CASL: Canada's anti-spam law for senders - CASL is an express opt-in law with a narrow, time-limited implied-consent exception. Every commercial electronic message must identify you and carry a working unsubscribe honored within 10 business days, and the burden of proving consent is on the sender. Penalties reach CAD $1M for individuals and CAD $10M for businesses per violation.
- UK PECR and UK GDPR for email marketing - UK email marketing runs on two laws at once - PECR for the consent rules and UK GDPR for the data underneath. Marketing to individuals is opt-in (with a narrow soft opt-in for existing customers), while corporate bodies can be emailed without prior consent. We describe the ICO's enforcement powers qualitatively because the specific PECR penalty ceiling is not confirmed from a primary source.
- EU email marketing: GDPR and ePrivacy - In the EU, marketing email is governed by the ePrivacy Directive (the consent rule) layered over the GDPR (the data rule). ePrivacy Article 13 generally requires prior opt-in for individuals; GDPR supplies the lawful basis, the right to object, and the accountability that turns consent into something you must be able to prove. Because the directive is transposed by each member state, the specifics vary by country.
- Australia's Spam Act 2003 for senders - Australia's Spam Act 2003 is an opt-in law built on three rules - consent, identify, unsubscribe. Consent is express or (narrowly) inferred, the burden of proving it sits on the sender, and an unsubscribe must work and be honored within 5 working days. ACMA enforces; we describe its role without a penalty figure because the current amounts were not confirmed from a primary source.