1 Legal and enforcement framework

1.1 In broad terms, which legislative and regulatory provisions govern AI in your jurisdiction?

In Turkey, there is no specific law directly regulating AI. However, the following general laws impact AI or the outcomes of AI from different perspectives:

  • the Code of Obligations, in relation to liability from AI;
  • the Law on Personal Data Protection (6698), in relation to the processing of personal data by AI or during the development or training stages of the relevant AI;
  • the Law on Consumer Protection (6502), in relation to AI-based advertising;
  • the Criminal Code, in relation to crimes committed by using AI;
  • the Law on Industrial Property (6769), in relation to AI-generated inventions;
  • the Law on Intellectual and Artistic Works (5846), in relation to the copyright to AI-generated content;
  • the Law on Highway Traffic (2918), in relation to AI-equipped autonomous vehicles; and
  • sector-specific regulations in the electronic communications and finance sectors regarding customer identity verification.

1.2 How is established or 'background' law evolving to cover AI in your jurisdiction?

Within the scope of the Eleventh Development Plan adopted in 2019:

  • the Department of Big Data and AI Applications was established within the Presidency's Office of Digital Transformation; and
  • the development of a legislative framework commenced.

Subsequently, the National AI Strategy (2021-2025) was adopted in 2021 to set out the principles for legislative efforts and joint work was initiated with leading institutions in the field of technology research, such as the Scientific and Technological Research Council of Turkey. However, a finalised draft law has not yet been made public. It is expected that a similar regulation to the EU AI Act will be implemented.

1.3 Is there a general duty in your jurisdiction to take reasonable care (like the tort of negligence in the United Kingdom) when using AI?

Under Turkish law, AI does not have legal personality. Consequently, general principles of liability regulated under the Code of Obligations (or other laws regarding intellectual property, traffic accidents, consumer protection etc) will apply to the owners of AI.

Even though there are no specific regulations on AI, the general principles of Turkish civil liability law dictate that everyone must take reasonable care to avoid damaging others. This rule also applies to AI users and developers.

1.4 For robots and other mobile AI, is the general law (eg, in the United Kingdom, the torts of nuisance and 'escape' and (statutory) strict liability for animals) applicable by analogy in your jurisdiction?

There is no specific legal status designated for AI-equipped robots or other mobile assets. According to Turkish law, these commodities – which are considered tangible assets – are subject to the liability of their owners for the damage they cause. Although some authors have suggested that the liability rules related to the owners of animals, as regulated in the Code of Obligations, could apply by analogy, there are as yet no precedents to make the liability of animal owners or other similar rules appliable to such assets. Since there are no specific regulations on this matter, the high courts of Turkey may set precedents to clarify the legal position in relation to liability from damages caused by such assets.

1.5 Do any special regimes apply in specific areas?

No.

1.6 Do any bilateral or multilateral instruments have relevance in the AI context?

In relation to personal data protection, the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (108) was adopted into domestic law in 2016. Turkey has placed significant importance on cybersecurity in its digitalisation efforts and is a party to several instruments related to this matter, including the Budapest Convention on Cybercrime, which is the first global instrument on cybercrime.

Turkey is a member of Global Partnership on Artificial Intelligence (GPAI). The GPAI is an international, multi-stakeholder initiative which is built on a commitment to the Organisation for Economic Co-operation and Development Recommendation on AI to:

  • ensure the responsible development and use of AI; and
  • foster international cooperation grounded on the principles of:
    • human rights;
    • inclusion;
    • diversity;
    • innovation; and
    • economic growth.

Recently, the European Commission signed an association agreement with Turkey – the Digital Europe Programme – which will enable businesses, public administrations and other eligible organisations in the country to participate in projects that deploy digital technologies. The Digital Europe Programme is an EU funding programme which will provide funding and support projects in several areas, including AI, with a planned overall budget of €7.5 billion. Under this programme, digital innovation hubs will be set up in Turkey.

In 2023, a memorandum of understanding on cooperation in digital transformation was signed with the United Arab Emirates. According to this agreement, the two countries will collaborate to enhance their technological capabilities and investments in the space and AI sectors.

1.7 Which bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?

As there are no specific laws or regulations regarding AI, there is no specific enforcement body related to AI. However, certain regulatory authorities have relevance in this regard, as they enforce legislation that also impacts AI.

The Personal Data Protection Authority is responsible for enforcing the Law on Personal Data Protection, which means that all personal data processing activities regarding AI are subject to its supervision. Other institutions that may implement and enforce AI-related regulations include:

  • the Banking Regulation and Supervision Authority;
  • the Information and Communications Technology Authority;
  • the Financial Crimes Investigation Board; and
  • the Advertising Board.

The National Technology General Directorate, under the Ministry of Industry and Technology, also plays a role in determining policies and strategies related to AI. Moreover, it is responsible for:

  • enhancing the competencies of individuals and businesses in this field;
  • taking measures to develop and promote intelligent systems;
  • launching support and incentive programmes; and
  • implementing plans and projects.

The Department of Big Data and AI Applications, affiliated with the presidency, is responsible for developing strategies and coordinating the effective use of major AI applications in public institutions as part of the policies defined. Additionally, it has the authority to support the necessary projects and activities for the development of AI applications in public institutions.

1.8 What is the general regulatory approach to AI in your jurisdiction?

In line with the aim of increasing the number of AI-enabled projects and thus the use of AI, Turkey has adopted a primarily supportive and encouraging approach, rather than a regulatory approach. Therefore, AI-related practices in both the legislative and judicial spheres have not yet materialised. However, efforts are being made to address concerns in the areas of cybersecurity and personal data protection. To this end, the Information and Communications Technologies Authority and the Personal Data Protection Authority are organising events to raise awareness of AI among businesses and consumers. The Personal Data Protection Authority has also published guidelines on AI and personal data protection.

2 AI market

2.1 Which AI applications have become most embedded in your jurisdiction?

Currently, machine learning, deep learning, generative AI, chatbots and image processing are the most embedded applications in Turkey.

Chatbots are extensively used to obtain new customers and manage customer relations. In finance, chatbots and speech recognition enhance customer satisfaction and streamline financial instrument management. In healthcare, a chatbot application for diagnosing diseases has been developed; and in the textile industry, there is a digital-style consultant chatbot application.

Image processing capabilities enhance the quality control process and monitor production efficiency on the production line. In addition, image processing features are used by the National Intelligence Organisation to ensure border security: people who may pose a danger are prevented from entering the country by identifying them at Customs. Other examples include the following:

  • Unmanned aerial vehicle data, processed with image processing, can optimise goods routes;
  • AI assists in soil analysis;
  • The Ministry of Agriculture is deploying AI for fire risk protection in agriculture and forests; and
  • AI image processing applications play a crucial role in target and radar systems.

Primarily, big data analysis by machine learning is employed to calculate raw material usage, thereby increasing efficiency in manufacturing. In finance, machine learning applications analyse transactions and boost product visibility to meet evolving industry needs. In the research and development process of the TOGG – Turkey's first mass-produced domestic automobile – autonomous driving and safety software is supported by machine learning applications. Additionally, the production line's robotic devices in one of Turkey's largest facilities are supported by this technology. In the defence industry, machine learning applications are being used to operate autonomous flights.

With regard to deep learning, the Court of Cassation is developing an AI system using deep learning to categorise precedents. In the cybersecurity sector, malware detection and attack detection and prevention systems are being developed through deep learning.

2.2 What AI-based products and services are primarily offered?

Chatbot applications such as ChatGPT 4 are widely preferred in Turkey, both by businesses and among regular users. In business, chatbots and customer identity verification systems are widely used for customer services, mostly in banking and e-commerce. Even the government has implemented an AI-based online support system through an e-government application featuring a chatbot with deep learning. Furthermore, the Bing application developed by Microsoft was made available for use in Turkey in the first quarter of 2023.

Numerous companies primarily use AI to automate routine tasks and conduct comparative analysis of big data. For example, in the financial sector, AI is used to analyse transactions; and in the energy sector, it is used for efficient distribution and planning.

In manufacturing, AI optimises raw material usage, monitors production efficiency and enhances quality control in mass production, resulting in near-flawless automation.

AI is also used in marketing – for example:

  • advertising for personalised brand ads;
  • enhanced targeting; and
  • predictive modelling.

In the defence sector, AI software plays a crucial role in projects such as the TF-X fighter jet by TUSAŞ. It is also integral to radar systems and is extensively utilised in products such as the Atak-2 helicopter and the Bayraktar TB-2 UAV projects developed by TUSAŞ and Baykar respectively.

The government is also benefiting from AI. Turkey's Digital Transformation Office aims to use AI for healthcare diagnosis and treatment planning. Consequently, an application called Neyim Var? has been launched, allowing patients to benefit from this AI-equipped platform without the need to physically visit a doctor. The Ministry of Education offers students an AI-supported examination preparation platform. Moreover, Istanbul Metropolitan Municipality's sports facilities utilise AI applications to generate personalised training programmes, adjusting routines based on athletes' progress and measurements. Also, Istanbul Metropolitan Municipality uses an AI-equipped early warning system which monitors drivers' movements and collects data for autonomous driving.

In the field of art, the use of AI is seen in the world-famous works of media artist and designer Refik Anadol.

2.3 How are AI companies generally structured?

They are generally structured as joint stock companies, which makes investment procedures easier.

2.4 How are AI companies generally financed?

In Turkey, AI start-ups may receive financing from both the government and the private sector. Within the scope of the National AI Strategy, government support and funding opportunities for companies engaged in research and development have been increased. Although it addresses companies of all sizes working in the field of AI, one of the priorities of the strategy is to support entrepreneurship. In this context, AI-focused venture capital funds have been established. AI start-ups are also supported through incentive systems such as technology parks (see question 10.2). Technology firms can benefit from incentives such as:

  • tax exemptions;
  • employee social security premium exemptions; and
  • rent and wage support.

In the private sector, AI start-ups are funded by various methods. One such method is accelerators and incubation centres such as:

  • ITU Çekirdek;
  • Inventram;
  • ETohum;
  • BTM; and
  • Teknopark Istanbul.

Crowdfunding is also available within the principles determined by the Capital Markets Board. Other methods include fundraising through:

  • funding rounds;
  • private equity firms; and
  • angel investors.

The Turkey AI Initiative was established in 2017 with the aim of developing the AI ecosystem in Turkey. It has played a role in supporting numerous initiatives since then; as of September 2023, a total of 325 initiatives had been supported.

According to a report by StartupCentrum, the AI and machine learning sector is the sector that has received the most investment in Turkey, with investments totalling $118 million in the first six months of 2023 alone. The 2022 Bilişim 500 report also stated that the revenue generated by technology companies in Turkey from AI-based products and services is approaching nearly TRY 1 billion.

2.5 To what extent is the state involved in the uptake and development of AI?

The Digital Transformation Office, established under the Digital State Strategy, manages Turkey's digitalisation journey, including in the field of AI. Within this framework, the National AI Strategy has been published, summarising the goals and plans to expand the use of AI in both the public and private sectors. In line with these goals, the Department of Big Data and AI Applications is working to increase the use of AI programmes in public institutions.

According to a United Nations report, Turkey's e-government system has been developed with evolving technologies and ranks 15th out of 169 countries, with a usage rate of 69%. Additionally, the Scientific and Technological Research Council of Turkey AI Institute, which was established to support and develop projects in the private sector, acts as a bridge between domestic and foreign entrepreneurs and public institutions and companies.

3 Sectoral perspectives

3.1 How is AI currently treated in the following sectors from a regulatory perspective in your jurisdiction and what specific legal issues are associated with each: (a) Healthcare; (b) Security and defence; (c) Autonomous vehicles; (d) Manufacturing; (e) Agriculture; (f) Professional services; (g) Public sector; and (h) Other?

Due to the rapid advancements in AI technologies over the past decade, a race for transformation has begun in many sectors, including fintech, e-commerce, banking and telecommunications. All can benefit from features of AI such as:

  • speech recognition;
  • natural language processing;
  • machine learning; and
  • robotics.

(a) Healthcare

The Institute for Health Data Research and AI Applications in Turkey established an application in 2019. Through this, efforts are being made to:

  • increase the use of AI in the healthcare sector;
  • coordinate activities; and
  • develop the digital health ecosystem.

From a regulatory perspective, the Regulation on Personal Health Data relates to AI. Guidance on the processing of genetic data was recently published by the Personal Data Protection Authority, which restricts the transfer of health data abroad.

(b) Security and defence

In this field, AI applications are heavily regulated under:

  • the Defence Industry Security Regulation; and
  • the Defence Industry Security Directive.

In addition, a presidential decree titled Measures for Information and Communication Security mandates that data collected by AI applications:

  • be stored on servers within Turkey; and
  • not be transferred abroad, in the case of data owned by public institutions.

(c) Autonomous vehicles

Although there is no specific regulation or regulatory authority dedicated to AI in this field, the General Directorate of National Technology under the Ministry of Industry and Technology is involved in the integration and audit of AI applications. Recently, Turkey introduced its first domestically produced mass production car, the TOGG. The electric TOGG brand has closely followed technological advancements, with one of its most notable features being autonomous driving capabilities, so regulations in this regard may be expected soon.

(d) Manufacturing

Although there is no specific regulation or regulatory authority dedicated to AI in this field, the General Directorate of National Technology under the Ministry of Industry and Technology is involved in the integration and auditing of AI applications.

(e) Agriculture

Although there is no specific regulation or regulatory authority dedicated to AI in this field, the General Directorate of Agricultural Research and Policies under the Ministry of Agriculture and Forestry promotes and monitors AI applications.

(f) Professional services

The Regulation on Remote Identification Methods to be Used in Banks grants the Banking Regulation and Supervision Board the authority to regulate the principles and procedures for enabling customer representatives to perform tasks using AI-equipped chatbot applications.

(g) Public sector

The Turkish Standards Institute has established mirror committees within both the International Organization for Standardization and the European Committee for Standardization frameworks, conducting work related to AI applications.

(h) Other

The Council of Higher Education, which is authorised to establish the academic order in Turkey, regulates the use of AI applications in universities for academic purposes.

4 Data protection and cybersecurity

4.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for AI companies and applications?

The Law on Personal Data Protection was enacted in 2016 to regulate the processing and protection of personal data in Turkey. The Personal Data Protection Authority is the body which enforces the law.

AI learns from, analyses and derives predictions based on data. As a result, the protection of personal data and privacy issues in terms of AI uses can lead to serious problems and are closely scrutinised by the Personal Data Protection Authority. Accordingly, AI companies must comply with the general principles of the Law on Personal Data Protection, which may be summarised as follows:

  • The processing of personal data must be lawful, fair, accurate and up to date.
  • Data minimisation and proportionality principles must be implemented.
  • Data subjects must be informed about processing activities and their consent should be obtained depending on the nature of the processing activity.
  • Depending on the scope of the data processing activity and the size of the AI company, registration with the Data Controller Registry and the appointment of a local representative may be required.
  • Personal data must be stored for the period laid down in the relevant legislation or required for the purposes for which it is processed.

Cross-border personal data transfers generally require the explicit consent of the data subjects, which may cause operational problems for AI companies, especially when using cloud services.

The Law on Personal Data Protection authorises data subjects to:

  • object to conclusions reached exclusively through automated data processing activities; and
  • request compensation for negative outcomes.

For AI companies, this may mean that additional disputes must be dealt with.

4.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for AI companies and applications?

Cybersecurity is a key focus in Turkey's digital transformation. Therefore, there are both regulatory and guiding regulations in place. First, the Law on Electronic Communications (5809) and the Regulation on Network and Information Security in the Electronic Communications Sector establish the Cybersecurity Board, which operates under the Information Technologies and Communications Authority. The Cybersecurity Board is responsible for:

  • approving policies, strategies and action plans related to cybersecurity; and
  • making necessary decisions for their effective nationwide implementation.

Within this scope, the National Cyber Events Intervention Centre and institutional cyber-event intervention teams within public and private institutions have been established to deal with cybersecurity events.

To address security risks, it is expected that an AI risk map will be developed and published as a guiding recommendation for both developers and users. This map not only will serve the purpose of oversight and guidance, but will also be used in the creation of a trustworthy AI seal marking system.

Furthermore, the Digital Transformation Office under the presidency has prepared the National Cybersecurity Strategy and Action Plan, which has led to the publication of the Information and Communication Security Guide. In addition, a presidential decree titled Measures for Information and Communication Security outlines measures for the storage and transportation of data that both public institutions and private sector organisations must implement.

The Law on Personal Data Protection and other sector-specific laws (eg, in the banking and electronic communications sectors) also require information security measures to be taken. The Law on Personal Data Protection further sets out a data breach notification mechanism.

5 Competition

5.1 What specific challenges or concerns does the development and uptake of AI present from a competition perspective? How are these being addressed?

Where AI applications are used to create advertisements, concerns may arise in relation to the competition regulations. The possibility for AI programs to operate without considering the Law on the Protection of Competition (4054) might cause a company to engage in unfair competition practices and harmful consequences such as:

  • false advertising;
  • misappropriation of goodwill; or
  • product imitation.

To address these issues, developers should:

  • seek legal assistance from experts; and
  • ensure that AI applications are trained while considering local competition regulations and precedents, which can vary from country to country.

Notably, in Turkey, the Advertising Board, which is affiliated with the Ministry of Trade, made an unprecedented decision at its September 2023 meeting not to approve ads created using ChatGPT 4, stating that they can result in acts of unfair competition and lead to false advertising through unjustified praise. Additionally, in the past, companies that engaged in online marketplaces or search engine activities have been penalised for unfairly promoting certain products. As AI continues to advance, its use in this area should be considered to prevent recurring violations of the same nature.

Another issue is the potential for AI programs, especially chatbot applications, to engage in unfair competition practices. It is thus essential to pay attention to the statements generated by AI programs. Considering that programs are often fed with a wide range of data by users, steps should be taken to avoid disparaging or unfairly promoting brands. To address this issue, user inputs relating to brands should be verified or specific commands entered in relation to local brands in the operating country.

6 Employment

6.1 What specific challenges or concerns does the development and uptake of AI present from an employment perspective? How are these being addressed?

The proliferation of AI-supported programs, robots and machines has transformed today's workspaces. As a result of AI's ability to perform certain tasks more accurately, faster and at a lower cost than humans, employer preferences have started to shift. Consequently, unemployment rates have increased – and, more importantly, intergroup conflicts have begun to emerge. Although ongoing technological advancement means that change is inevitable, it must be managed in the healthiest possible way for society.

To address these issues, a section of the National Artificial Intelligence Strategy is dedicated to the evolving work systems and labour force impacted by AI. In this regard, a situational analysis was conducted and goals were set to ensure a smooth transition for both employees and employers. The primary objective is to raise awareness among employees and employers regarding changes in occupational health and safety due to the use of AI systems; seminars have been organised by the Information and Communication Technologies Authority for this purpose. In addition to publicly supported training, employers are encouraged to invest in workforce training in the field of AI through tax incentives and grants. Furthermore, to navigate this process with minimal conflict, the establishment of social dialogue mechanisms between employers and labour organisations aims to address the transformation of professions and the impact on the workforce by AI.

7 Data manipulation and integrity

7.1 What specific challenges or concerns does the development and uptake of AI present with regard to data manipulation and integrity? How are they being addressed?

AI programs, when trained on extensive datasets, may generate biased or discriminatory outcomes, often stemming from the quality of the data that they are trained on. In addition, AI systems are vulnerable to manipulation due to their exposure to user inputs, which can further influence their generated outcomes. Additionally, commercial pressures to ensure that AI programs respond consistently can result in misleading or inaccurate answers. For example, AI may generate precedents or change current precedents to comply with the customer's wishes.

Cybersecurity is another paramount concern in the use of AI. To conduct AI activities effectively, robust safeguards against cyberattacks by malicious entities are crucial. This is especially vital during AI training and output generation, where a so-called 'black box', preventing third-party interference and retaining control within the hands of the developers, is essential.

In addition, hardware should work perfectly and to this end all sensors and moving parts must be overhauled regularly. Consequently, it should be underlined that AI systems require accurate, updated and complete data with strong safeguard mechanisms. These measures are instrumental to ensure the delivery of more reliable AI applications to the public.

8 AI best practice

8.1 There is currently a surfeit of 'best practice' guidance on AI at the national and international level. As a practical matter, are there one or more particular AI best practice approaches that are widely adopted in your jurisdiction? If so, what are they?

The Personal Data Protection Authority has published Recommendations on the Protection of Personal Data in the Field of Artificial Intelligence, which provide guidance for developers, manufacturers, service providers and decision-makers operating in the field of AI. The protection of fundamental rights and freedoms is emphasised when processing data by AI. It is underlined that the data processed by AI must comply with the general principles on the collection and processing of personal data (see question 4.1). Accordingly, personal data must be controllable by the data subject.

Further recommendations in this regard that have been adopted by the Personal Data Protection Authority include:

  • the Guidelines on AI and Data Protection published by the Council of Europe;
  • the Recommendation of the Council on AI published by the Organisation for Economic Co-operation and Development; and
  • the Ethics Guidelines for Trustworthy AI published by the European Commission.

The Ministry of Health has significantly improved security measures in response to emerging technologies, including AI, through the release of the Information Security Policies Directive and Guide. Additionally, a dedicated workshop on Data Infrastructure Development for AI in Healthcare resulted in a comprehensive report with valuable recommendations for the healthcare sector.

The Ethics Guidelines for Trustworthy AI have also been analysed by the Istanbul Bar Association AI Working Group and the principles were published in this context.

The Scientific and Technological Research Council of Turkey BILGEM Cloud Computing and Big Data Research Laboratory has published articles on trustworthy AI and audits of AI systems. It also provides advisory information related to global guides, such as A Guide to the Information Commissioner's Office (ICO) Audit: Artificial Intelligence Audits.

8.2 What are the top seven things that well-crafted AI best practices should address in your jurisdiction?

As has been emphasised in the field of AI in general, the following principles are particularly important in Turkey:

  • transparency and fairness;
  • reliability;
  • accountability;
  • human rights-centricity;
  • compliance;
  • non-discrimination; and
  • environmental friendliness.

8.3 As AI becomes ubiquitous, what are your top tips to ensure that AI best practice is practical, manageable, proportionate and followed in the organisation?

It is important to take account of the following issues, among others:

  • Compliance with relevant laws is crucial. In Turkey, it is essential to ensure that all actions fall within the scope of the Law on Personal Data Protection and the Law on the Protection of Competition (see questions 4 and 5).
  • AI ethics is a global concern, including in Turkey.
  • Companies operating AI applications should develop strategies for handling AI-related risks – including financial, operational and legal risks – and take out appropriate insurance.
  • Publication of a list of third-party users and their purposes, excluding confidential information, can help to prevent malicious use.
  • Data localisation can be important because Turkey's digital transformation policies may require localisation of both data servers and employees.
  • Ensuring transparency in monitoring software and hardware is vital, as it provides customers with reliable feedback. In this regard, collaboration with public authorities can also enhance the trustworthiness of AI-equipped programs.

9 Other legal issues

9.1 What risks does the use of AI present from a contractual perspective? How can these be mitigated?

The use of AI while performing a contract poses a risk of breach of the contract if the AI has false or faulty outcomes. In such cases, the owner of the AI will be responsible for breaching the contract and must pay damages accordingly. As AI technology is still far from perfect:

  • liability limitation clauses, where applicable, and service level clauses should be included in the contract; and
  • the contract should:
    • avoid any result guarantees; and
    • explicitly state that the AI is not perfect and can sometimes produce false or faulty outcomes.

These clauses should significantly reduce the financial risks.

The contract should also include provisions on the use of data sharing and feedback mechanisms to enable the development of AI so that product quality can be enhanced and the risk of paying damages due to harming the relevant party's reputation can be reduced.

9.2 What risks does the use of AI present from a liability perspective? How can these be mitigated?

As AI is not accepted to have legal personality, users of AI will be liable for any damages caused by AI. Therefore, contractual measures to reduce liability and measures to prevent torts (including IP infringement) may help to mitigate liability-based risks.

9.3 What risks does the use of AI present with regard to potential bias and discrimination? How can these be mitigated?

As AI programs rely on data-driven learning, if the processed data is biased, the decisions or statements made by AI will also be influenced by that bias. While assessments based solely on data and statistics may work flawlessly in mechanical situations such as autonomous driving, and may even surpass the capacity of the human brain in managing certain tasks, they are susceptible to the perspectives of the previous input data, which may lead discrimination.

Given Turkey's high degree of cultural diversity and past challenges related to such diversity, it is crucial for AI programs to operate at a highly sensitive level. Especially in chatbot applications, asking manipulative questions to elicit the desired responses from people should be avoided, as this can lead to misunderstood responses by the program. In this regard, for input text, some words should be censored or the program should be specifically trained for such words. To provide a healthy AI experience, the continuous monitoring of users and the rigorous testing of programs – especially on sensitive topics – are essential. Furthermore, user feedback should be reviewed carefully by teams of experts comprised of real individuals.

Failure to prevent bias and discrimination may lead to civil liability or criminal liability, depending on the case at hand. Contractual measures may help to mitigate civil liability-related risks.

10 Innovation

10.1 How is innovation in the AI space protected in your jurisdiction?

AI applications are primarily subject to the laws governing intellectual property in Turkey – that is:

  • the Law on Intellectual and Artistic Works (5846); and
  • the Law on Industrial Property (6769).

Under these laws, the Patent and Trademark Office effectively operates to register and protect IP rights. Additionally, specialised courts with expert judges have been established to ensure the rapid and reliable resolution of disputes related to intellectual property.

The National AI Strategy includes goals to review the IP legislation relating to the field of AI within the framework of international norms and improvements are planned to enhance support in this regard. Furthermore, Turkey's commitment to software and workforce development in the field of cybersecurity has led to significant investments in both the private and public sectors. This, in turn, contributes to safeguarding innovations from malicious actors.

On the other hand, according to the Law on Industrial Property, the right to obtain a patent belongs to the inventor or its legal successors. Consequently, there are no provisions stating that AI may qualify as an inventor. However, there is no legal precedent on this issue and no relevant application has as yet been made to the Patent and Trademark Office in relation to AI.

10.2 How is innovation in the AI space incentivised in your jurisdiction?

The Law on Technology Development Zones (4691) allows companies to be established in technology park zones upon project approval (there are currently 101 such companies in Turkey). This grants technology firms access to incentives such as:

  • tax exemptions;
  • employee social security premium exemptions;
  • rent and wage support; and
  • collaboration opportunities with academics and researchers in these zones.

The Directorate of Big Data and AI Applications and the National Technology General Directorate execute high-impact projects at the national level, such as the Teknofest, which showcases organisations with AI-equipped products. In addition, in 2020, the Scientific and Technological Research Council of Turkey (TUBITAK) AI Institute was established to train AI researchers and promote AI technology entrepreneurship. Furthermore, the Ministry of Industry and Technology has organised the AI Ecosystem 2023 Programme. Under this programme, the Digital Transformation Office acts as the customer institution and the TUBITAK AI Institute collaborates with applicants to coordinate projects based on the needs of public institutions.

In 2022, the Council of Higher Education included an AI engineering undergraduate programme among its supported programmes. Students choosing this programme are provided with scholarships each year to promote the production and widespread use of AI-supported software.

11 Talent acquisition

11.1 What is the applicable employment regime in your jurisdiction and what specific implications does this have for AI companies?

The Law on Labour (4857), which entered into force on 10 June 2003, regulates labour relations in Turkey. The key principle of Turkish labour law is to protect employees from employers. Therefore, employers have limited power to impose the following clauses, among others:

  • confidentiality clauses;
  • a commitment to work for a minimum period;
  • non-compete clauses; and/or
  • penalty clauses.

Thus, employee retention may be a challenge; the solution depends mostly on communication with employees and the benefits provided, rather than legal terms.

11.2 How can AI companies attract specialist talent from overseas where necessary?

The National AI Strategy aims to facilitate the employment of talented foreign nationals and immigrants in the field of AI. As mentioned in question 10.2, technology park zones provide significant incentives and supports for employees. In general, talented foreign employees can benefit from simplified procedures for residence and working permits.

Turkey is also a safe haven for individuals from the Middle East and Eastern Europe. Due to the political instabilities in these regions and the relatively low costs of doing business compared to the European Union, Turkey is seen as an advantageous location for AI companies to establish themselves and attract talent from overseas.

12 Trends and predictions

12.1 How would you describe the current AI landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

One goal of Turkey's Medium-Term Program (2024-2026), which was finalised and published in September 2023, is to achieve legal alignment with the European Union. As a result, the preparation of a comprehensive AI regulation is on the agenda, as approved in the European Parliament in June 2023.

The National AI Strategy was adopted in August 2021. According to this strategy, efforts will be made to achieve legal alignment with the European Union. In line with these goals, the Directorate General for Big Data and AI Applications, established in 2019, is cllaborating with academic institutions, the private sector and non-governmental organisations.

As Turkey has a talented, low-cost workforce and a supportive environment for start-ups, it is anticipated that the AI market will grow within the next 12 months, for both AI users and developers.

13 Tips and traps

13.1 What are your top tips for AI companies seeking to enter your jurisdiction and what potential sticking points would you highlight?

Turkey has a talented, low-cost workforce and plenty of public and private incentives to do business, making it a great place to develop and sell AI applications on both the domestic and international markets. We recommend that AI companies take advantage of this business environment before considering any legal issues.

In addition, Turkey's laws and regulations are largely similar to those of the European Union. Therefore, most global compliance programmes will be suitable for application in Turkey without any significant efforts to localise them. Therefore, from a legal point of view, Turkey is an AI-friendly country.

Finally, important legal issues that AI companies should be aware of include the following:

  • As the Personal Data Protection Authority has stated in its recommendations, AI projects based on personal data processing should have their own specific data protection compliance programme to ensure that personal data is protected from the outset. AI may need to update and destroy information where this is demanded by a data subject, so appropriate mechanisms for this must be established.
  • Trademarks, patents and copyrights must be managed properly in Turkey in addition to other markets in which the AI company operates, in order to protect AI related technology and know-how.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.