Detailed overview
Türkiye does not currently regulate AI through a single horizontal AI Act equivalent to the EU AI Act. AI is regulated mainly through existing personal-data, consumer, employment, cybersecurity, criminal and sectoral laws, supported by official guidance from the Turkish Personal Data Protection Authority, KVKK.
KVKK Generative AI Guide
KVKK published the Guide on Generative Artificial Intelligence and the Protection of Personal Data on 24 November 2025. The guide focuses on generative AI systems and their impact on personal-data protection. It aims to guide actors that act as data controllers during generative-AI lifecycle processing and to promote a privacy-respecting approach to the development and use of generative AI.
KVKK's AI guidance emphasises that AI should be developed and used in a human-centred, safe, responsible and socially beneficial way. It also states that generative AI systems should be developed and implemented with respect for human rights, fundamental freedoms, transparency, auditability and human-centred governance.
Personal data in AI
KVKK's earlier recommendations on personal data in AI explain that AI activities relying on personal-data processing must comply with Law No. 6698 on the Protection of Personal Data and secondary legislation. The recommendations refer to principles such as lawfulness, fairness, proportionality, accountability, transparency, accuracy, data security, specified and limited use of personal data, respect for human dignity and protection of fundamental rights.
Where AI processing creates high risk for personal-data protection, KVKK recommends conducting a privacy impact assessment and evaluating legal compliance within that assessment. AI systems should also be developed with data protection by design, and stricter technical and administrative measures should be used where special categories of personal data are processed. Where the same result can be achieved without personal data, anonymisation should be preferred.
Shadow AI in the workplace
KVKK has also published guidance on the use of generative AI tools in workplaces. The guidance discusses "shadow AI," meaning employees' use of generative AI tools outside the organisation's knowledge, approval or control. KVKK recommends that organisations create clear internal policies or guidance on acceptable generative-AI use, permitted tools, permitted activities, types of information that may be submitted, output-use rules, data privacy and security, risk-management approaches and employee training.
Penalties
Türkiye does not currently have one AI-specific fine table. Penalties depend on the underlying legal regime, especially personal-data protection law where AI processes personal data. AI systems used in regulated sectors, employment, finance, healthcare, advertising or consumer-facing services may also trigger sectoral enforcement.