Introduction
Hosting providers, access providers and content liability in Turkey are regulated primarily under Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed by Means of Such Publications. This law is one of the central pillars of Turkish internet law and applies to many actors in the digital ecosystem, including website owners, social media platforms, hosting companies, internet service providers, cloud platforms, content platforms, public Wi-Fi providers, online marketplaces, forum operators, video-sharing platforms, app-based services and certain digital game platforms.
The legal importance of Law No. 5651 has increased significantly as online content, social media activity, e-commerce, cloud hosting, digital advertising, online gaming, mobile applications and user-generated content platforms have become part of everyday life. A business operating a website in Turkey may be a content provider. A company providing server space or cloud infrastructure may be a hosting provider. An internet service provider that allows users to access the internet may be an access provider. A platform allowing users to upload, share, comment or interact may also face additional obligations depending on its structure and reach.
Law No. 5651 states that its purpose and scope are to regulate the obligations and responsibilities of content providers, hosting providers, access providers and public internet use providers, as well as the procedures and principles for combating certain offences committed through internet publications.
The key legal question in Turkish internet law is classification. Before determining liability, it is necessary to identify whether the relevant actor is a content provider, hosting provider, access provider, public internet use provider, social network provider or another regulated actor. A wrong classification may lead to incorrect compliance procedures, missed deadlines, unlawful disclosure of data, failure to implement access-blocking decisions or unnecessary assumption of liability.
Legal Framework of Internet Content Liability in Turkey
The main legal framework is Law No. 5651. However, content liability and internet provider obligations should not be analyzed only under that law. Depending on the facts, other legal rules may also apply, including the Turkish Civil Code, Turkish Code of Obligations, Turkish Penal Code, Law No. 6698 on the Protection of Personal Data, Law No. 5809 on Electronic Communications, consumer protection legislation, advertising rules, intellectual property law and administrative law.
Law No. 5651 provides the basic definitions of content provider, hosting provider and access provider. It defines an access provider as a real or legal person that provides users with access to the internet environment. It defines a content provider as a real or legal person that produces, changes or provides all kinds of information or data offered to users over the internet.
A hosting provider, in general terms, is the person or entity that provides or operates systems hosting services and content. This includes traditional web hosting companies, server providers, cloud infrastructure providers and, depending on the service model, platforms that host third-party content.
Law No. 5651 does not impose the same liability on every internet actor. The content provider is generally responsible for the content it creates or publishes. The hosting provider is not required to proactively inspect all hosted content, but it must take action when legally notified of unlawful content under the relevant legal procedure. The access provider is generally not responsible for the content generated by users, but it must comply with access-blocking orders and traffic data obligations under the law.
Content Provider Liability in Turkey
A content provider is the person or legal entity that creates, modifies or provides information or data on the internet. A company publishing blog posts, a news website publishing articles, an e-commerce business publishing product descriptions, a social media user posting content, a forum user writing comments or a business uploading promotional material may all be content providers in relation to their own content.
The general rule is that the content provider is responsible for its own content. This responsibility may arise under civil law, criminal law, data protection law, advertising law, intellectual property law or unfair competition rules. For example, online content may create liability if it includes defamation, insult, violation of privacy, unauthorized use of personal data, copyright infringement, misleading advertising, unlawful disclosure of trade secrets or unfair commercial statements.
A content provider may also provide hyperlinks to third-party content. Under the structure of Law No. 5651, liability for linked content depends on whether the content provider adopts, presents or makes the linked content appear as its own. Therefore, a website owner should be careful when embedding third-party videos, reposting social media content, framing external pages or presenting third-party materials in a way that creates endorsement.
Content providers should also remember that “online content” is not limited to text. Images, videos, audio files, product listings, user comments, live streams, advertisements, podcasts, banners, location data, downloadable files and app content may all create legal responsibility.
A practical compliance rule is simple: a person who controls the substance of the published content should assume that legal responsibility may arise from that content. Before publishing, the content provider should check accuracy, intellectual property rights, personal data, consent, privacy, defamation risk, advertising compliance and sector-specific rules.
Hosting Provider Obligations in Turkey
Hosting providers are critical actors in the internet ecosystem because they provide the technical environment where content is stored and made accessible. A hosting provider may offer shared hosting, dedicated servers, virtual private servers, cloud infrastructure, storage services, content delivery services, platform hosting, application hosting or other technical hosting solutions.
Under Law No. 5651, hosting providers are not required to monitor all hosted content or proactively investigate whether hosted content is unlawful. Legal sources describing Article 5 of Law No. 5651 state that hosting providers are not obliged to check hosted content or investigate whether it constitutes illegal activity.
However, this does not mean that hosting providers have no obligations. Once a hosting provider is legally notified of unlawful content under the relevant procedure, it may be required to remove the content or make it inaccessible. Legal sources reflecting the text of Law No. 5651 state that a hosting provider must remove unlawful content it hosts when notified under the relevant provisions of the law.
Hosting providers also have traffic data obligations. Law No. 5651 requires hosting providers to retain traffic information relating to the services they provide for a period not less than one year and not more than two years, as determined by regulation, and to ensure the accuracy, integrity and confidentiality of such information.
This creates a major compliance responsibility. Hosting providers should not treat traffic data as ordinary technical logs. Such data may include IP addresses, access times, service start and end times, port information, account identifiers and other technical records. These logs may become critical in criminal investigations, civil litigation, administrative requests, data breach investigations and content disputes.
No General Monitoring Obligation for Hosting Providers
One of the most important principles in Turkish internet law is that hosting providers do not have a general obligation to monitor all content. This principle is necessary because hosting providers may host thousands or millions of pages, files, images, comments, user profiles, applications or digital services. Requiring proactive legal review of all content would be technically and economically unrealistic.
However, the absence of a general monitoring obligation should not be misunderstood. A hosting provider must still act when it receives a valid legal notice, court order, administrative decision or other legally binding request. It must also preserve traffic data, protect confidentiality, provide required information to competent authorities where legally requested and comply with relevant technical measures.
The legal risk often arises when a hosting provider receives an informal complaint. For example, a person may send an e-mail claiming that a hosted page is defamatory. A competitor may claim that a website contains trademark infringement. A user may report privacy violations. The hosting provider must distinguish between an ordinary complaint and a legally valid notification or order.
A well-managed hosting provider should therefore have a notice-handling procedure. The procedure should classify incoming notices, preserve evidence, identify the hosted content, check the legal basis, involve legal counsel where necessary, respond within legal deadlines and record the action taken.
Access Provider Obligations in Turkey
An access provider is an actor that provides users with access to the internet. Internet service providers, mobile operators, fixed broadband operators, fiber internet providers, satellite internet providers and certain public connectivity providers may fall within this category depending on their service model.
The access provider is not usually responsible for creating or publishing the content accessed by users. However, Law No. 5651 imposes specific obligations on access providers. These obligations include implementing legally issued access-blocking decisions, retaining traffic data under applicable rules, preserving the confidentiality and integrity of logs and taking required technical measures.
Legal sources reflecting Law No. 5651 state that access providers must block access to unlawful content when notified in accordance with the law, and that access-blocking decisions outside Article 8 are implemented by access providers through the Access Providers Union mechanism.
Access providers must be technically ready to implement URL-based, domain-based, IP-based or similar blocking measures where required by law. They should also have procedures for receiving, verifying, implementing and documenting access-blocking decisions.
The access provider’s role is legally sensitive because it sits between state authority, user rights, freedom of expression, privacy, public order, criminal investigations and technical feasibility. Therefore, access providers should avoid both unlawful inaction and overbroad implementation.
Access Providers Union
The Access Providers Union, known in Turkish as Erişim Sağlayıcıları Birliği or ESB, is a central institution in the implementation of access-blocking decisions in Turkey. ESB states that it was established to ensure the implementation of access-blocking decisions and that it has private-law legal personality with its headquarters in Ankara.
ESB’s official “About Us” page explains that the Union transmits access-blocking decisions, according to their type, to access providers, content providers and hosting providers to ensure implementation.
Law No. 5651 provides that access-blocking decisions outside Article 8 are sent to the Union for implementation and that notification to the Union is deemed notification to access providers. It also states that access providers must provide the necessary hardware and software for implementing such decisions at their own expense.
For access providers, ESB membership and coordination are therefore not merely administrative details. They are part of the legal mechanism for implementing internet access restrictions. Access providers should maintain internal systems that can receive ESB notifications, identify affected URLs or domains, apply technical measures, record implementation and respond to follow-up requests.
Access Blocking and Content Removal in Turkey
Access blocking and content removal are among the most sensitive areas of Turkish internet law. They affect freedom of expression, protection of personal rights, public order, privacy, criminal investigations and platform compliance.
Law No. 5651 includes different mechanisms for access blocking and content removal. Article 8 concerns certain catalogue offences. Article 8/A concerns urgent cases involving issues such as protection of life, public order, national security, prevention of crime and public health. Article 9/A concerns privacy violations. The previous Article 9 regime concerning personality rights was significantly affected by Constitutional Court annulment.
The Constitutional Court announced in January 2024 that certain provisions of Law No. 5651 were unconstitutional. In its reasoning, the Court emphasized concerns such as final removal decisions based on administrative determinations before a definitive criminal judgment and the impact of such mechanisms on constitutional guarantees.
Legal commentary and civil-society sources reported that the annulment of Article 9 entered into force on 10 October 2024, creating a change in the legal route for personality-rights-based content removal and access-blocking requests.
As of 2026, companies should therefore treat personality-rights content disputes carefully. In many cases, general civil-law remedies, interim injunctions, compensation claims, criminal complaints or privacy-specific procedures may become more relevant than relying automatically on the former Article 9 structure.
Content Liability and Personality Rights
Online content may violate personality rights in many ways. Examples include defamatory articles, insulting social media posts, unauthorized publication of photographs, false news, doxxing, disclosure of private life, manipulation through edited images, fake profiles, reputational attacks, unlawful use of name or likeness and search-engine-indexed old content.
The person who created the content may be directly liable as content provider. The hosting provider may become involved when notified through the legally required route. The access provider may become involved when a valid access-blocking decision must be implemented.
After the Constitutional Court’s annulment affecting Article 9, personality-rights disputes should be analyzed with greater care. Victims may need to rely on the Turkish Civil Code’s personality rights protection provisions, the Turkish Code of Obligations for moral compensation, criminal complaint mechanisms where applicable, privacy-specific mechanisms under Law No. 5651 Article 9/A, data protection applications or interim injunctions from civil courts.
For digital platforms and hosting providers, the practical consequence is that content-removal requests should be legally reviewed rather than handled automatically. A platform that removes content too broadly may face freedom-of-expression and contractual complaints. A platform that ignores valid legal decisions may face liability and sanctions.
Privacy Violations and Article 9/A
Article 9/A of Law No. 5651 concerns the protection of private life. It creates a special procedure for access blocking in relation to internet publications that allegedly violate privacy. Privacy violations may involve intimate images, private correspondence, home address disclosure, family information, unauthorized videos, private medical information, private-life photographs or personal data shared without consent.
In privacy cases, speed is often critical. Once private information is published online, it may spread rapidly across websites, social media platforms, archives, search engines and messaging groups. Therefore, privacy remedies often require urgent action.
However, privacy claims should be supported with clear evidence. Applicants should preserve URLs, screenshots, publication dates, platform details, identity information where available and explanations showing why the content violates privacy. Hosting providers and access providers should also record notifications and implementation steps.
Catalogue Crimes under Article 8
Article 8 of Law No. 5651 provides a mechanism for access blocking concerning certain catalogue offences committed through internet publications. These offences include serious categories such as sexual abuse of children, obscenity, prostitution, gambling-related offences and other offences listed in the law. Public-information sources explain that Article 8 lists catalogue offences for which access blocking may be ordered where sufficient suspicion exists.
For hosting and access providers, Article 8 decisions require careful and timely implementation. These matters often involve criminal investigations and public-order concerns. Providers should ensure that they have secure procedures to receive official decisions, preserve evidence and implement orders without delay.
For content providers, Article 8 risks are severe. Publishing, hosting, facilitating or failing to remove content involving catalogue crimes may result not only in administrative obligations but also criminal-law exposure depending on knowledge, intent and conduct.
Traffic Data and Log Retention
Traffic data is one of the most important compliance areas for hosting providers and access providers in Turkey. Traffic data may include IP addresses, connection times, session identifiers, service start and end times, port data, account identifiers and other technical information showing internet activity or service use.
Law No. 5651 defines traffic information as data such as IP addresses of parties, service start and end time, type of service used, amount of transferred data and subscriber identity information where relevant.
Traffic data must be handled with high confidentiality. If logs are altered, deleted, disclosed unlawfully, retained without security or provided to unauthorized persons, the provider may face serious legal consequences. Traffic data is often personal data because it may identify or be linked to an individual subscriber or user.
Therefore, providers should implement access controls, encryption, log integrity systems, timestamping, secure storage, retention schedules, audit trails and formal procedures for official requests. Employees should not access logs without authority, and all access should be recorded.
Personal Data Protection and KVKK Compliance
Hosting providers, access providers and content platforms frequently process personal data. This may include user account data, IP addresses, traffic logs, payment information, contact details, customer service records, uploaded content, location data, device identifiers and complaint records.
Law No. 6698 on the Protection of Personal Data imposes data security obligations on data controllers. Article 12 requires data controllers to take all necessary technical and organizational measures to ensure an appropriate level of security, prevent unlawful processing, prevent unlawful access and safeguard personal data.
This is directly relevant to Law No. 5651 actors. A hosting provider that stores user logs must secure them. An access provider that retains traffic data must prevent unauthorized access. A content platform that receives takedown requests must handle complainant information lawfully. A social platform that moderates user-generated content must process user data transparently.
KVKK compliance should include privacy notices, data inventory, retention policies, data subject request procedures, breach response plans, vendor contracts, cross-border transfer analysis and security measures.
Social Network Providers and Platform Liability
Social network providers are a special category under Turkish internet law. A social network provider allows users to create, view or share content such as text, images, audio, location or similar materials for social interaction. Law No. 5651 has been amended several times to impose additional obligations on social network providers, particularly large platforms.
Recent legal changes also affect platform compliance. Law No. 7578 was adopted on 22 April 2026 and published in the Official Gazette dated 1 May 2026. Official parliamentary information confirms the law number, title, adoption date and Official Gazette publication details.
Current legal databases indicate that some new provisions concerning social network providers and game platforms are scheduled to enter into force on 1 November 2026, including obligations connected with parental control tools, deceptive advertising measures and faster implementation of certain urgent decisions by large social network providers.
Platforms operating in Turkey should therefore monitor not only existing Law No. 5651 obligations but also upcoming compliance deadlines. A social network provider or online game platform may also be a content provider, hosting provider or data controller depending on the activity.
Hosting Provider vs. Content Provider: Practical Distinction
The distinction between hosting provider and content provider is often difficult in practice. A company may have more than one role at the same time.
For example, a blog platform that allows users to publish articles may be a hosting provider for user posts, but it may be a content provider for its own editorial articles. An e-commerce marketplace may be a hosting provider for seller listings, but it may be a content provider for its own advertisements. A social media platform may host user-generated content, but may also publish its own policies, advertisements and official announcements.
The key question is control over the content. If the platform merely provides technical infrastructure for third-party content, hosting provider rules are central. If the platform creates, edits, endorses, promotes or materially contributes to the content, content provider liability may become relevant.
Businesses should therefore map their content flows. They should identify which content is company-generated, which content is user-generated, which content is automated, which content is paid advertising, which content is seller-generated and which content is third-party embedded content.
Notice-and-Takedown Procedures
A notice-and-takedown procedure is essential for hosting providers and platforms. Although Turkish law does not create a single universal notice-and-takedown system for all possible claims, providers should establish an internal process for receiving and evaluating complaints.
A legally effective notice process should include:
A visible contact channel for legal notices.
A method for identifying the disputed content.
URL-level identification where possible.
Complainant identity and authority verification.
Classification of the claim.
Evidence preservation.
Legal basis review.
Deadline calculation.
Escalation to legal counsel.
Implementation record.
Notification to relevant users where appropriate.
Overbroad takedown requests should be handled carefully. For example, a claimant may ask for removal of an entire website when only one URL is disputed. Turkish constitutional and administrative-law principles require proportionality. Therefore, providers should apply the narrowest legally required measure where possible.
Liability for User-Generated Content
User-generated content creates complex liability questions. Forums, social networks, comment sections, online marketplaces, video-sharing platforms, review websites, streaming platforms and gaming communities may host millions of user posts.
In principle, the user who creates unlawful content is responsible as content provider. The hosting platform is generally not required to monitor all content proactively. However, once the platform becomes legally aware through a valid order or notification, failure to act may create liability.
Platforms should also consider whether their algorithms, moderation rules, advertising systems or editorial choices increase their responsibility. If a platform actively promotes unlawful content, monetizes it, edits it or presents it as verified, the platform’s position may shift from passive hosting toward active involvement.
A strong platform policy should define prohibited content, complaint channels, moderation standards, appeal mechanisms, repeat-infringer policies, urgent escalation procedures and evidence preservation rules.
Administrative Fines and Sanctions
Violations of Law No. 5651 may lead to administrative fines and other sanctions. Hosting providers that fail to notify their hosting activity, fail to remove unlawful content after lawful notice, fail to retain traffic data properly or fail to provide requested information may face sanctions. Access providers that fail to implement access-blocking decisions or meet technical requirements may also face sanctions.
Legal sources reflecting Law No. 5651 state that hosting providers that fail to make hosting notifications or fail to fulfill statutory obligations may be subject to administrative fines.
Sanctions may also arise under KVKK if traffic data, user data or complaint data is processed unlawfully or insufficiently secured. For access providers that are also electronic communications operators, BTK’s regulatory framework under Law No. 5809 may create additional audit and sanction risk.
In practice, the same incident may trigger multiple consequences. For example, failure to implement an access-blocking order may lead to Law No. 5651 exposure. If user data is disclosed during the process, KVKK exposure may arise. If the provider is an authorized electronic communications operator, BTK compliance issues may also arise.
Criminal, Civil and Administrative Liability
Content liability in Turkey may create criminal, civil and administrative consequences.
Criminal liability may arise where online content constitutes offences such as insult, threats, blackmail, violation of privacy, unlawful disclosure of personal data, obscenity, child abuse material, incitement to crime, illegal betting or other offences.
Civil liability may arise from personality rights violations, moral damages, material damages, unfair competition, intellectual property infringement, contract breach or unlawful processing of data.
Administrative liability may arise from failure to comply with Law No. 5651, BTK decisions, access-blocking orders, hosting obligations, public internet use rules, data protection obligations or social network provider duties.
Providers should therefore avoid viewing content complaints as purely technical matters. Every complaint may require legal classification.
Compliance Checklist for Hosting Providers
A hosting provider operating in Turkey should implement the following compliance measures:
Determine whether it qualifies as a hosting provider under Law No. 5651.
Make required notifications where applicable.
Publish required identifying information.
Maintain a legal notice contact channel.
Create a notice-and-takedown procedure.
Retain traffic data for the legally required period.
Protect traffic data accuracy, integrity and confidentiality.
Maintain secure log storage.
Restrict employee access to logs.
Respond to valid official requests.
Remove unlawful content when legally required.
Preserve evidence of action taken.
Prepare KVKK privacy notices and data inventories.
Implement technical and organizational security measures.
Train legal, technical and customer support teams.
Review contracts with customers and resellers.
Monitor changes in Law No. 5651 and BTK practice.
Compliance Checklist for Access Providers
An access provider should implement the following measures:
Confirm its legal status under Law No. 5651.
Ensure compliance with BTK authorization where applicable.
Maintain ESB membership and communication channels where required.
Prepare systems for receiving access-blocking decisions.
Implement URL, domain, IP or other technical blocking where lawfully required.
Record implementation time and method.
Retain traffic data under legal requirements.
Protect traffic logs against alteration and unauthorized access.
Respond to lawful official requests.
Maintain DDoS, cybersecurity and network security controls.
Train NOC, legal and compliance teams.
Coordinate with ESB, BTK and competent authorities.
Review user contracts and acceptable use policies.
Prepare procedures for emergency decisions.
Preserve evidence for audits and litigation.
Compliance Checklist for Content Providers
A content provider should:
Review content before publication.
Avoid defamatory, misleading or unlawful statements.
Obtain consent for photographs, videos and personal data.
Verify intellectual property rights.
Avoid unauthorized use of copyrighted materials.
Check advertising and consumer law compliance.
Keep editorial records.
Respond to complaints promptly.
Remove or correct unlawful content when appropriate.
Preserve evidence in disputes.
Avoid presenting third-party links as endorsed content unless verified.
Use clear terms for user-submitted materials.
Implement moderation rules where users can comment or upload content.
Foreign Platforms and Turkey
Foreign platforms targeting Turkish users should not assume that foreign law alone governs their services. If a platform is accessible in Turkey, targets Turkish users, provides Turkish-language services, processes Turkish user data, sells services in Turkey or receives legal notices from Turkish authorities, Turkish law may become relevant.
Foreign hosting providers, social media platforms, cloud services, online marketplaces and game platforms should analyze:
Whether they are content providers, hosting providers or social network providers.
Whether they must appoint local representatives.
Whether Turkish access-blocking decisions may be sent to them.
Whether traffic data obligations apply.
Whether they process personal data under KVKK.
Whether cross-border transfers are lawful.
Whether user-generated content creates local liability.
Whether upcoming 2026 platform obligations affect their services.
Compliance should be localized. A global content policy may not be enough if Turkish legal notices, data protection rules, access-blocking orders or platform-specific obligations apply.
Practical Legal Remedies for Victims of Unlawful Online Content
A person harmed by unlawful online content should first preserve evidence. Screenshots should include URL, date, time, platform name, account details and visible content. Where possible, notarized evidence or technical evidence preservation may be useful.
The appropriate legal route depends on the type of violation. If the content violates privacy, Article 9/A may be relevant. If the content involves catalogue crimes, criminal complaint and Article 8 procedures may be relevant. If the content violates personality rights, civil remedies under the Turkish Civil Code and the Code of Obligations, interim injunctions and compensation claims may be considered, especially after the Constitutional Court’s annulment affecting the former Article 9 regime.
If personal data is unlawfully processed, the person may apply to the data controller and then to the Personal Data Protection Authority under KVKK procedures. If the content is defamatory or threatening, criminal complaint may be appropriate.
The correct remedy should be selected carefully. A rushed but legally incorrect application may cause rejection, delay or loss of strategic advantage.
Conclusion
Hosting providers, access providers and content liability in Turkey are governed by a multi-layered legal framework centered on Law No. 5651. The law distinguishes between content providers, hosting providers, access providers and other internet actors. Each category has different obligations and different liability risks.
Content providers are generally responsible for the content they create or publish. Hosting providers are generally not required to proactively monitor all hosted content, but they must act when legally notified and must retain traffic data securely. Access providers are not usually responsible for user-generated content, but they must implement legally issued access-blocking decisions and maintain technical compliance. ESB plays a central role in the implementation of many access-blocking decisions.
The legal landscape is also changing. The Constitutional Court’s annulment of the former Article 9 regime affected personality-rights-based content removal and access-blocking practice. Recent 2026 legislative developments also indicate increasing obligations for social network providers and online game platforms. Therefore, companies operating in Turkey’s digital ecosystem must monitor legislative changes continuously.
For businesses, compliance requires correct legal classification, clear internal procedures, traffic data security, notice-handling mechanisms, KVKK compliance, access-blocking workflows, evidence preservation and legal review. For victims of unlawful content, the correct remedy depends on the type of violation, available evidence, urgency and applicable legal route.
As internet platforms, cloud services, social networks, digital games, AI-generated content and online marketplaces continue to expand, Turkish law on hosting providers, access providers and content liability will remain a critical area for technology companies, telecom operators, digital platforms, investors and legal practitioners.
Frequently Asked Questions
What is a content provider under Turkish law?
A content provider is a real or legal person that produces, changes or provides information or data offered to users over the internet. The content provider is generally responsible for its own content.
What is a hosting provider in Turkey?
A hosting provider is an actor that provides or operates systems hosting services and content. Hosting providers are generally not required to monitor all hosted content but must act when legally notified under Law No. 5651.
Must hosting providers keep traffic data?
Yes. Hosting providers must retain traffic information relating to their services for a period not less than one year and not more than two years, as determined by regulation, and ensure its accuracy, integrity and confidentiality.
What is an access provider?
An access provider is a real or legal person that provides users with access to the internet environment. Internet service providers generally fall within this category.
What is the Access Providers Union?
The Access Providers Union is a private-law legal entity established to ensure implementation of access-blocking decisions. It transmits relevant decisions to access providers, content providers and hosting providers according to the type of decision.
Are hosting providers responsible for all user-generated content?
Not automatically. Hosting providers are generally not obliged to proactively inspect all hosted content. However, they may be required to remove or disable access to unlawful content once legally notified.
Can unlawful online content be removed in Turkey?
Yes, but the legal route depends on the type of violation. Privacy violations, catalogue crimes, personality rights violations, intellectual property issues and personal data violations may require different legal remedies.
Did the Constitutional Court affect Article 9 of Law No. 5651?
Yes. The Constitutional Court annulled certain provisions, and commentary reports that the former Article 9 regime concerning personality-rights-based access blocking was affected as of 10 October 2024.
Does KVKK apply to hosting and access providers?
Yes. If a hosting provider or access provider processes personal data such as IP addresses, traffic logs, account data or user information, KVKK obligations may apply. Data controllers must take technical and organizational measures to protect personal data.
What should digital platforms operating in Turkey do?
They should classify their role under Law No. 5651, prepare notice-and-takedown procedures, secure traffic data, comply with access-blocking decisions, implement KVKK measures, monitor social network provider obligations and preserve evidence for disputes.
Yanıt yok