Introduction
Confidentiality and non-disclosure agreements in Turkish international business are essential legal instruments for protecting trade secrets, commercial information, technical know-how, financial data, customer lists, supplier networks, pricing models, product designs, software, business plans, M&A data rooms, joint venture negotiations and cross-border investment discussions. In modern commercial practice, information is often as valuable as physical assets. A company may lose competitive advantage not because a factory, warehouse or trademark is taken, but because confidential information is disclosed, copied, transferred or used without authorization.
Turkey is a major commercial jurisdiction for foreign investors, exporters, importers, technology companies, manufacturers, distributors, franchise systems, construction companies, logistics operators, private equity funds and start-ups. These businesses regularly exchange sensitive information during negotiations, due diligence, supply arrangements, licensing, franchise expansion, agency appointments, distributor selection, manufacturing cooperation, employment, outsourcing and settlement discussions. Every one of these relationships may require a carefully drafted confidentiality agreement or non-disclosure agreement, commonly known as an NDA.
Turkish law does not regulate NDAs under one single statute. Instead, confidentiality protection is created through general contract law, the Turkish Code of Obligations, the Turkish Commercial Code, unfair competition rules, employment law, the Turkish Criminal Code, intellectual property law, data protection law and the parties’ written contract. Contractual confidentiality obligations are therefore not a replacement for statutory protection; they operate in addition to mandatory Turkish legal rules. Turkish legal commentary on confidentiality confirms that contractual obligations in a confidentiality agreement governed by Turkish law are additional to legally imposed obligations of confidence, rather than replacing them.
For international businesses, the key issue is not simply signing a template NDA. The agreement must define what information is confidential, who may access it, how it may be used, whether personal data is involved, how long confidentiality lasts, what happens after negotiations end, whether foreign affiliates may receive information, which law applies, which court or arbitral tribunal has jurisdiction, and what remedies are available if a breach occurs.
1. What Is a Confidentiality Agreement or NDA?
A confidentiality agreement is a contract under which one or more parties undertake not to disclose, misuse, copy, transfer or exploit certain information received from another party. An NDA may be unilateral, bilateral or multilateral.
A unilateral NDA is used when only one party discloses confidential information. For example, a Turkish manufacturer may disclose production know-how to a foreign buyer, or a foreign franchisor may disclose manuals and brand standards to a Turkish franchise candidate.
A mutual NDA is used when both parties exchange confidential information. This is common in joint venture negotiations, M&A transactions, technology licensing, supply partnerships and strategic cooperation.
A multilateral NDA may be used where several parties are involved, such as investors, target companies, advisors, lenders, consultants, affiliates and project partners.
Under Turkish law, NDAs are generally based on the principle of freedom of contract. Article 26 of the Turkish Code of Obligations provides that parties may freely determine the content of a contract within legal limits. This means parties can define their own confidentiality obligations, provided that the agreement does not violate mandatory law, public order, personal rights, data protection rules or other legal restrictions.
2. Why NDAs Matter in Turkish International Business
NDAs matter because international business negotiations often require disclosure before trust is fully established. A foreign investor may need access to a Turkish company’s financial statements, tax records, customer contracts, employee data, software code, supplier information and litigation files before making an acquisition offer. A Turkish exporter may need to disclose manufacturing processes or pricing details to a foreign distributor. A technology company may share source code or product architecture with a potential Turkish partner. A franchisor may disclose business manuals, design concepts and customer experience standards before appointing a franchisee.
Without a clear NDA, the disclosing party may still rely on Turkish statutory protections, but enforcement becomes more difficult. The recipient may argue that the information was not confidential, was already known, was received from another source, was not marked confidential, was disclosed without restriction, or was used only for ordinary commercial evaluation.
A properly drafted NDA reduces these disputes by defining confidentiality in advance. It creates contractual evidence that the information was disclosed under restriction. It also establishes remedies, jurisdiction, duration, return obligations and permitted disclosures.
3. Trade Secrets under Turkish Law
Trade secrets are one of the most important categories of confidential information. Turkish law protects trade secrets through several legal mechanisms, but there is no single comprehensive Trade Secrets Act equivalent to some other jurisdictions. Legal commentary notes that the most detailed protection for trade secrets in Turkey is provided by the unfair competition provisions of the Turkish Commercial Code.
Trade secrets may include manufacturing processes, formulas, algorithms, technical drawings, source code, recipes, customer lists, supplier terms, business strategies, pricing models, financial projections, investment plans, market entry strategies, tender documents and internal reports. The key feature is that the information is not generally known, has commercial value because it is secret, and is subject to reasonable efforts to keep it confidential.
An NDA helps prove that reasonable confidentiality measures were taken. However, a company should also support the NDA with internal controls such as access restrictions, password protection, document labeling, data room permissions, employee training, clean desk policies, cybersecurity measures, confidentiality notices and careful recordkeeping.
4. Turkish Commercial Code and Unfair Competition Protection
The Turkish Commercial Code protects confidential information through unfair competition rules. Article 55 includes unlawful disclosure of production and business secrets as an act contrary to good faith. The English translation of the Turkish Commercial Code refers to “unlawfully revealing production and business secrets” and treats the person who evaluates or informs others of information secretly or unlawfully obtained as acting against integrity.
This is highly important for business disputes. Even if there is no written NDA, the unlawful acquisition, use or disclosure of business secrets may constitute unfair competition. However, where an NDA exists, the injured party has both contractual and unfair competition arguments.
Unfair competition claims may be useful where confidential information is misused by a competitor, former distributor, former employee, supplier, consultant, franchisee, local partner or third party that knowingly receives unlawfully obtained information. Legal commentary explains that Article 55/1(d) of the Turkish Commercial Code treats the unlawful disclosure, evaluation or transfer of production and business secrets as unfair competition, and gaining economic benefit is not required for the conduct to be considered unfair.
5. Civil Remedies for Breach of Confidentiality
If an NDA is breached, the injured party may seek civil remedies under Turkish contract law and, where applicable, unfair competition law. Article 112 of the Turkish Code of Obligations provides that if an obligation is not performed at all or properly, the debtor must compensate the creditor’s damages unless the debtor proves absence of fault.
In an NDA breach, damages may include lost profits, loss of business opportunity, unfair gain obtained by the breaching party, corrective measures, investigation costs, loss of competitive advantage, reputational harm and harm caused by disclosure to competitors or customers. However, proving damages can be difficult. It may be hard to show exactly how much profit was lost because a customer list, pricing model or technical drawing was disclosed.
For this reason, NDAs often include penalty clauses, liquidated damages, injunctive relief clauses, evidence clauses and audit rights. Under Turkish law, penalty clauses should be drafted carefully because excessive penalties may be subject to judicial review and reduction in certain circumstances. The clause should be commercially proportionate and connected to the seriousness of the breach.
6. Criminal Liability for Disclosure of Trade Secrets
Serious confidentiality breaches may also create criminal law risk. Article 239 of the Turkish Criminal Code regulates disclosure of information or documents qualified as trade secrets, banking secrets or customer secrets. Legal commentary states that persons who disclose or provide unauthorized persons with trade secret, banking secret or customer secret information or documents they possess due to title, duty, profession or job may face imprisonment and judicial fine upon complaint.
Criminal complaints should be used carefully. Not every NDA breach is a crime. A commercial dispute over whether information was confidential may remain a civil matter. However, where there is intentional theft, unauthorized transfer of customer data, disclosure of confidential financial documents, exploitation of trade secrets by a former employee or bad-faith transfer of technical information to a competitor, criminal strategy may become relevant.
A criminal complaint does not replace civil remedies. The injured party may still need to seek injunctions, damages, unfair competition remedies or contractual enforcement. But criminal proceedings can be important where the breach is deliberate, serious and supported by clear evidence.
7. Employee Confidentiality Obligations
Employment relationships require special attention. Employees often access highly sensitive information: customer lists, passwords, pricing, internal strategy, source code, designs, production methods, formulas, supplier information, HR data and financial records.
Article 396 of the Turkish Code of Obligations imposes a duty of loyalty on employees and includes confidentiality obligations. Legal commentary explains that employees must not use information learned during employment, especially production and business secrets, for their own benefit or disclose it to others; the obligation may survive termination where confidentiality remains necessary to protect the employer’s legitimate interest.
This means confidentiality may exist even without a separate employee NDA. However, employers should still use written confidentiality clauses in employment contracts and separate NDAs for key employees, executives, engineers, software developers, sales managers, finance teams and employees accessing trade secrets. Written clauses help define scope, duration, post-employment obligations, return of devices, deletion of files and consequences of breach.
8. Confidentiality versus Non-Compete
Confidentiality clauses should not be confused with non-compete clauses. A confidentiality clause prevents disclosure or misuse of protected information. A non-compete clause restricts a person or company from engaging in competing activity.
Under Turkish law, confidentiality obligations can often last as long as the information remains secret and commercially valuable. Non-compete obligations are subject to stricter limitations, especially in employment and agency relationships. A company should not try to disguise an excessive non-compete as a confidentiality clause. If the clause effectively prevents a person from working in an industry without clear connection to confidential information, it may be challenged.
For international business, the safer approach is to draft a focused confidentiality clause and, where necessary, a separate, legally limited non-compete or non-solicitation clause.
9. Confidentiality in M&A and Due Diligence
M&A transactions are one of the most common settings for NDAs in Turkey. A buyer may request access to a target company’s legal, financial, tax, commercial, employment, IP, real estate and litigation records. This process may expose the seller to serious risk if the buyer is a competitor or later withdraws from the transaction.
An M&A NDA should regulate:
Data room access.
Permitted recipients.
Advisor access.
Use of information only for evaluating the transaction.
No contact with employees, customers or suppliers without permission.
No poaching of employees.
Return or destruction of documents.
Restrictions on copies and downloads.
Personal data protection.
Public announcement prohibition.
Survival period.
Governing law and dispute resolution.
The NDA should also clarify whether the buyer may share information with affiliates, lenders, insurers, investment committee members or potential co-investors. In cross-border deals, the seller should consider whether information will leave Turkey and whether personal data transfer rules apply.
10. NDAs in Joint Ventures and Strategic Partnerships
Joint venture negotiations often involve mutual disclosure. A Turkish partner may disclose local licenses, customer relationships, costs, land, suppliers and market strategy. A foreign partner may disclose technology, financing plans, product designs, software, brand strategy or international customer data.
A joint venture NDA should protect both parties and should continue even if the joint venture is never established. It should also state whether information may be used only for evaluating the proposed joint venture or also for future operations if the joint venture is formed.
A key risk is idea appropriation. One party may receive the other’s business plan and later implement it alone or with a competitor. The NDA should therefore prohibit reverse engineering, independent implementation based on confidential materials, unauthorized contact with identified customers or suppliers, and use of disclosed information outside the defined purpose.
11. NDAs in Supply, Manufacturing and OEM Relationships
Supply and manufacturing relationships frequently involve technical information. A buyer may give drawings, specifications, molds, formulas, packaging designs or quality standards to a Turkish manufacturer. A Turkish supplier may disclose production know-how, pricing, capacity and sourcing details to a foreign buyer.
The NDA should define ownership of:
Technical drawings.
Tooling and molds.
Specifications.
Samples and prototypes.
Production methods.
Testing data.
Quality control reports.
Product designs.
Packaging and labeling materials.
If a Turkish manufacturer receives designs from a foreign brand, it should not use them to produce similar goods for other customers unless expressly permitted. If a foreign buyer receives supplier know-how, it should not use it to bypass the supplier and manufacture through another company without authorization.
12. NDAs in Franchise, Distribution and Agency Relationships
Franchise, distribution and agency relationships often require disclosure of brand manuals, marketing plans, price lists, customer data, sales strategies, supplier lists, training materials and trade dress. A franchisee or distributor may later become a competitor or continue using confidential materials after termination.
A strong NDA or confidentiality clause should survive termination and require immediate return or destruction of confidential information. It should prohibit use of manuals, customer databases, product images, software access, supplier information and marketing materials after the relationship ends.
For foreign franchisors and brand owners, confidentiality should be combined with trademark protection, trade dress control, non-disparagement, post-termination de-branding and unfair competition remedies.
13. NDAs and KVKK Personal Data Protection
Confidential information is not always personal data, and personal data is not always a trade secret. However, in many business transactions the two overlap. Customer lists, employee records, contact databases, payroll information, health data, CRM exports and user analytics may be both commercially confidential and personal data.
Turkey’s Personal Data Protection Law No. 6698, known as KVKK, regulates the processing and transfer of personal data. Article 9, which governs transfer of personal data abroad, was amended in 2024. The official KVKK text states that personal data may be transferred abroad under the revised Article 9 framework where statutory conditions are met.
This is critical in international NDAs. A Turkish company may disclose employee or customer data to a foreign investor, auditor, consultant, parent company, cloud provider or data room host. A simple NDA is not enough to legalize the transfer of personal data abroad. The parties must also satisfy KVKK requirements, including legal basis, safeguards, data minimization and, where applicable, standard contracts or other transfer mechanisms.
14. Cross-Border Personal Data Transfers
The 2024 amendments to KVKK Article 9 introduced a revised structure for cross-border personal data transfers. The official by-law on procedures and principles for transfer of personal data abroad states that its purpose is to establish implementation procedures for Article 9 of Law No. 6698. Legal commentary on the new guidelines explains that Turkey’s post-2024 transfer mechanisms include adequacy decisions, appropriate safeguards such as standard contracts and binding corporate rules, and exceptional incidental transfers in limited cases.
Therefore, an international NDA should include a data protection clause where personal data may be shared. This clause should address:
Whether personal data will be disclosed.
Purpose of processing.
Legal basis.
Data minimization.
Access restrictions.
Cross-border transfer mechanism.
Security measures.
Data retention.
Deletion or return.
Breach notification.
Data subject requests.
A confidentiality clause alone protects secrecy; it does not replace data protection compliance.
15. What Information Should Be Protected?
An NDA should define confidential information broadly but not vaguely. It should cover written, oral, electronic, visual and digital information disclosed before or after signing. It should also include information observed during site visits, factory tours, technical meetings, product demonstrations, online data rooms and management interviews.
Protected information may include:
Trade secrets.
Business plans.
Financial statements.
Budgets and forecasts.
Tax records.
Customer lists.
Supplier lists.
Pricing and margins.
Contracts.
Marketing strategy.
Technical drawings.
Software and source code.
Algorithms.
Prototypes.
Samples.
Product formulas.
Manufacturing methods.
Due diligence documents.
Personal data.
The definition should also cover analyses, notes, reports, summaries and derivative materials prepared by the recipient based on confidential information. Otherwise, the recipient may argue that internal notes are not covered.
16. What Should Be Excluded from Confidentiality?
NDAs should also include reasonable exclusions. Typical exclusions cover information that:
Was already publicly known.
Was lawfully known by the recipient before disclosure.
Was independently developed without use of confidential information.
Was lawfully received from a third party without confidentiality restriction.
Became public without breach by the recipient.
Must be disclosed under law, court order, regulatory requirement or stock exchange rules.
However, mandatory disclosure should not be unrestricted. The recipient should notify the disclosing party promptly, disclose only the legally required portion and cooperate to seek protective measures where possible.
17. Permitted Use and Purpose Limitation
One of the most important clauses is the purpose limitation. The recipient should be allowed to use confidential information only for a defined purpose, such as evaluating a potential acquisition, negotiating a supply agreement, performing a project, preparing a joint venture proposal or conducting legal due diligence.
Without a purpose clause, the recipient may argue that it was allowed to use information for broader commercial reasons. The clause should state clearly that no license, ownership right or commercial exploitation right is granted except as expressly provided.
For example, if a Turkish company discloses a customer list to a foreign distributor candidate, the NDA should prohibit the candidate from contacting those customers except as authorized. If a software company discloses source code for evaluation, the NDA should prohibit reverse engineering, copying, modification or use in competing products.
18. Permitted Recipients
International business often requires disclosure to advisors, affiliates, employees, directors, auditors, consultants, banks, insurers, investors and subcontractors. The NDA should define who may receive confidential information.
The recipient should be responsible for ensuring that its permitted recipients comply with confidentiality obligations. The disclosing party should avoid a situation where information is shared with a consultant or affiliate outside the NDA’s scope and then leaked without remedy.
A strong clause may require that permitted recipients receive information only on a need-to-know basis and be bound by confidentiality obligations at least as protective as the NDA.
19. Duration of Confidentiality
The NDA should define how long confidentiality obligations last. Some NDAs use two, three or five years. Others state that trade secrets remain protected as long as they remain secret and commercially valuable.
In Turkish practice, the correct duration depends on the type of information. Financial data or transaction information may lose sensitivity after a period. Technical formulas, source code, algorithms and production methods may remain trade secrets for much longer.
A balanced clause may provide a fixed term for ordinary confidential information and continuing protection for trade secrets until they lawfully enter the public domain.
20. Return, Destruction and Data Deletion
At the end of negotiations or upon request, the recipient should return or destroy confidential information. In digital business, this clause must address copies, backups, cloud storage, data room downloads, e-mail attachments, internal reports, notes and derivative materials.
A practical return/destruction clause should include:
Deadline for return or destruction.
Certification of destruction.
Treatment of legal archive copies.
Treatment of backup systems.
Deletion of personal data.
Return of physical samples and prototypes.
Return of devices, access cards and documents.
Continued confidentiality for retained legal copies.
If personal data is involved, deletion and retention must also comply with KVKK obligations.
21. Injunctive Relief and Interim Measures
Damages may not be enough in confidentiality breaches. Once a trade secret is disclosed to a competitor or published online, the harm may be irreversible. Therefore, NDAs should include the right to seek interim injunctions, evidence preservation, removal of unlawful content, return of documents and prohibition of further use.
Under Turkish unfair competition law, interim measures may be sought in appropriate cases involving trade secrets and business misconduct. The existence of an NDA can support urgency and prove that the information was intended to remain confidential.
Where arbitration is selected, the NDA should still preserve the right to seek interim measures from competent courts. This is especially important when the breach occurs in Turkey and urgent action is needed against a Turkish recipient, former employee, distributor or competitor.
22. Dispute Resolution and Mandatory Mediation
NDA disputes may involve damages, penalty clauses, injunctions, unfair competition, trade secrets, employment claims, criminal complaints and data protection issues. The dispute resolution clause should be chosen carefully.
For international business, arbitration may provide confidentiality and neutrality. Turkish courts may be better where urgent injunctions, evidence preservation or local enforcement is needed. A hybrid structure may allow arbitration for final damages while preserving court access for interim relief.
If an NDA dispute involves commercial monetary receivables or compensation claims falling within Article 5/A of the Turkish Commercial Code, mandatory mediation may apply before filing a commercial lawsuit. Legal sources confirm that mediation is mandatory before filing commercial lawsuits concerning monetary receivables and compensation claims within the scope of Article 5/A.
23. NDA Breach Evidence
A confidentiality claim is only as strong as its evidence. The injured party should preserve:
Signed NDA.
Versions and annexes.
Access logs.
Data room records.
E-mails and messages.
Watermarked documents.
Download histories.
Meeting notes.
File transfer records.
IP logs.
Employee access records.
Screenshots.
Customer communications.
Competitor materials showing misuse.
Forensic reports.
Notary determinations.
If the breach involves digital information, rapid forensic preservation is critical. The company should avoid altering devices or deleting data before expert review. In Turkey, notarial determinations and court evidence preservation may be useful in urgent cases.
24. Drafting Checklist for Turkish International NDAs
A strong NDA for Turkish international business should include:
Full legal names and authority of the parties.
Definition of confidential information.
Purpose limitation.
Permitted recipients.
Permitted disclosures.
Exclusions.
Personal data and KVKK clause.
Trade secret protection.
No license or IP transfer clause.
No reverse engineering clause.
No customer contact clause, if needed.
No employee solicitation clause, if needed.
Return and destruction obligations.
Survival period.
Penalty or liquidated damages clause.
Injunctive relief clause.
Evidence and audit rights.
Governing law.
Dispute resolution.
Interim measures.
Language priority.
The clause structure should match the transaction. An M&A NDA is different from an employee NDA, supplier NDA, franchise NDA or software NDA.
25. Common Mistakes in NDAs
The most common mistakes in Turkish international NDAs include:
Using a generic foreign template without Turkish law review.
Failing to define confidential information clearly.
Failing to include oral and visual information.
Not restricting purpose of use.
Allowing disclosure to affiliates without control.
Ignoring KVKK when personal data is shared.
Using an unrealistic confidentiality duration.
Failing to regulate return and deletion.
Not preserving interim court remedies.
Using excessive penalty clauses.
Failing to verify signatory authority.
Not marking or tracking confidential documents.
Sharing sensitive data before the NDA is signed.
Failing to include trade secret survival language.
These mistakes can make enforcement more difficult even when a breach is obvious.
Conclusion
Confidentiality and non-disclosure agreements in Turkish international business are essential tools for protecting trade secrets, commercial data, technical know-how, customer relationships, financial information, M&A materials, franchise systems, software, product designs and strategic plans. Turkish law protects confidential information through contract law, unfair competition rules, employment obligations, criminal law and data protection law. However, statutory protection is strongest when supported by a clear written NDA and practical information-security measures.
A well-drafted NDA should not merely say “the parties shall keep information confidential.” It should define confidential information, limit permitted use, identify permitted recipients, regulate cross-border disclosures, address KVKK compliance, protect trade secrets, impose return and deletion duties, preserve interim remedies, and provide a coherent dispute resolution mechanism.
For foreign companies doing business in Turkey and Turkish companies working internationally, confidentiality is not a formal legal detail. It is a core commercial protection. In negotiations, due diligence, supply chains, employment, joint ventures, franchising, technology licensing and distribution relationships, the value of the business may depend on whether confidential information remains protected. The best NDA is not the longest document; it is the document that fits the transaction, Turkish law and the actual flow of information.
Frequently Asked Questions
Are NDAs enforceable in Turkey?
Yes. NDAs are generally enforceable under Turkish contract law, provided they comply with mandatory legal limits. Article 26 of the Turkish Code of Obligations allows parties to freely determine contract content within legal boundaries.
Is there a specific NDA law in Turkey?
No. Turkey does not have one single NDA statute. Confidentiality is protected through contract law, Turkish Commercial Code unfair competition rules, employment law, criminal law, data protection law and sector-specific rules.
Are trade secrets protected under Turkish law?
Yes. Trade secrets are protected mainly through Turkish Commercial Code unfair competition provisions. Article 55 treats unlawful disclosure of production and business secrets as conduct contrary to good faith.
Can disclosure of trade secrets be a crime in Turkey?
Yes. Article 239 of the Turkish Criminal Code regulates disclosure of trade secrets, banking secrets and customer secrets, and may impose imprisonment and judicial fines upon complaint where legal conditions are met.
Do employees have confidentiality obligations in Turkey?
Yes. Article 396 of the Turkish Code of Obligations imposes loyalty and confidentiality duties on employees, including protection of business secrets learned during employment.
Does an NDA replace KVKK obligations?
No. If personal data is disclosed, KVKK obligations must be satisfied separately. A confidentiality agreement does not by itself legalize personal data processing or cross-border data transfer.
Can personal data be transferred abroad under an NDA?
Only if KVKK Article 9 requirements are met. The revised cross-border transfer framework includes mechanisms such as adequacy decisions, appropriate safeguards and limited exceptional transfers.
What should an NDA include?
An NDA should include definition of confidential information, purpose limitation, permitted recipients, exclusions, data protection clauses, return or destruction obligations, duration, remedies, governing law and dispute resolution.
Can a company seek an injunction for NDA breach in Turkey?
Yes, depending on the facts. If confidential information or trade secrets are being unlawfully used or disclosed, Turkish courts may be asked for interim measures, especially where damages would not be sufficient.
Is mediation required for NDA disputes?
If the claim is a commercial monetary receivable or compensation claim within Article 5/A of the Turkish Commercial Code, mandatory mediation may be required before filing a commercial lawsuit.
Yanıt yok