Learn how confidentiality clauses and non-disclosure agreements work under Turkish law, including enforceability, form, trade secrets, employee confidentiality, unfair competition, data protection, remedies, and drafting risks in Turkey.
Introduction
Confidentiality clauses and non-disclosure agreements in Turkey are not governed by one single standalone “NDA law.” Instead, Turkish law protects confidential information through a combination of general contract principles in the Turkish Code of Obligations, the good faith rule in the Turkish Civil Code, employee loyalty and secrecy duties, unfair competition rules in the Turkish Commercial Code, and, where personal data is involved, the Personal Data Protection Law. As a matter of statutory structure, Turkish law therefore treats confidentiality less as a separate named contract type and more as a legally protected obligation that can be built into contracts and enforced through several overlapping legal regimes.
This matters in practice because confidential information sits at the center of modern commercial life. Parties disclose pricing models, source code, business plans, manufacturing know-how, customer lists, product roadmaps, financial data, formulas, supply methods, and negotiation materials long before and long after a core commercial contract is signed. In Turkey, those disclosures can be protected by carefully drafted confidentiality clauses and NDAs, but enforceability depends on how the obligation is structured, whether the clause respects mandatory legal limits, whether it is being used in employment or commercial settings, and whether the breach also triggers unfair competition or data protection consequences.
For that reason, the key legal question in Turkey is not simply whether a document is titled “NDA.” The real questions are whether the confidentiality undertaking is valid, what information it covers, how long it lasts, how it interacts with employment duties and trade-secret protection, whether it can be enforced by injunction or damages, and whether any part of it is too broad, too vague, or contrary to mandatory law. This article explains confidentiality clauses and non-disclosure agreements in Turkey in practical English and in a format suitable for legal SEO content.
The Legal Basis of Confidentiality Obligations in Turkey
The first foundation is freedom of contract. Article 26 of the Turkish Code of Obligations states that parties may determine the content of a contract freely within the limits laid down by law. That is the main reason confidentiality clauses and NDAs are generally enforceable under Turkish law. The law does not require a special statutory chapter to recognize them. If the parties want to create obligations of secrecy, restricted use, controlled disclosure, return or destruction of documents, and post-termination confidentiality, Turkish law generally allows them to do so within legal limits.
Those legal limits appear immediately in Article 27. Contracts contrary to mandatory legal provisions, morality, public order, personal rights, or involving an impossible subject matter are definitively void. This means a confidentiality clause is not enforceable merely because it was signed. If the clause is drafted in a way that violates protected legal interests, unlawfully blocks rights, or goes beyond what Turkish law permits, the clause or part of it may fail. In other words, Turkish law allows confidentiality obligations, but not without boundary control.
A second foundation is good faith. Article 2 of the Turkish Civil Code requires everyone to act according to the rules of honesty while exercising rights and performing obligations, and it denies legal protection to the manifest abuse of rights. This is highly relevant for confidentiality disputes. It affects how broad clauses are interpreted, whether one party is using a confidentiality obligation honestly, whether a disclosure was truly unauthorized, and whether the clause is being enforced in a way consistent with its legitimate protective purpose rather than as a tactical weapon.
A third foundation is contract interpretation. Article 19 of the Turkish Code of Obligations states that, in determining and interpreting the type and content of a contract, the parties’ real and common intention prevails over words used by mistake or to conceal the actual purpose. This matters because confidentiality disputes often turn on scope. A court may ask whether “confidential information” was meant to cover all shared data, only business secrets, only written materials, or also oral disclosures and derivative work product. Turkish law will not rely only on labels if the parties’ real common intention points to a narrower or broader commercially meaningful scope.
Are NDAs Valid Under Turkish Law?
As a general rule, yes. Because Turkish law recognizes freedom of contract and does not require a special named NDA statute, confidentiality clauses and stand-alone NDAs are generally valid so long as they remain within statutory limits. This applies both to clauses inside broader commercial agreements and to separate non-disclosure agreements signed before due diligence, technical cooperation, distribution talks, employment, licensing discussions, or investment negotiations.
At the same time, Turkish law does not treat every confidentiality clause as automatically enforceable in every part. If the clause is too vague, operates as a hidden standard term, gives one side a one-sided rewriting power, or imposes burdens contrary to good faith, it may face partial invalidity or be treated as unwritten under the rules on general transaction conditions. The enforceability analysis therefore depends not only on the existence of the clause, but also on its drafting quality and contractual setting.
Form Requirements: Does an NDA Need to Be in Writing?
Under the Turkish Code of Obligations, the general rule is freedom of form. Article 12 states that, unless the law provides otherwise, contracts are not subject to any form requirement, while legally prescribed form is generally a validity requirement where it exists. Because Turkish law does not impose a special statutory written-form requirement specifically for ordinary confidentiality agreements, an NDA does not usually need a special form to exist as a matter of pure validity.
Even so, in practice a written NDA is strongly advisable. A confidentiality obligation is only as useful as it is provable. The parties should be able to show what information was protected, who could access it, whether onward disclosure was allowed, what the return-or-destruction rules were, how long the duty lasted, and what the agreed remedies were. Turkish law may tolerate informal formation, but litigation over an unwritten confidentiality undertaking is far more difficult than litigation over a clear written text. This is a practical inference from the combination of freedom of form and the evidentiary importance of contractual content.
Turkish law also recognizes secure electronic signatures. Articles 14 and 15 of the Turkish Code of Obligations state that where written form is required, texts sent and stored with a secure electronic signature may replace writing and that a secure electronic signature produces the same legal consequences as a handwritten signature. The Electronic Signature Law confirms that a secure electronic signature has the same legal effect as a handwritten signature, while excluding transactions subject to official form, special ceremony, and security agreements. As a practical matter, ordinary NDAs can generally be executed electronically in Turkey if the chosen execution method is legally appropriate, and secure electronic signature offers the strongest statutory footing.
How Turkish Law Defines the Protected Interest
Turkish statutes do not provide one universal civil-law definition of “confidential information” for all NDA disputes. Instead, the protected interest is constructed through the contract and supported by surrounding legal rules. In commercial settings, Turkish law clearly recognizes the importance of production secrets and business secrets. Article 396 of the Turkish Code of Obligations, in the employment chapter, states that the employee may not use or disclose information learned during work, especially production and business secrets, during the employment relationship and, to the extent necessary to protect the employer’s legitimate interests, after the relationship ends. This statutory language confirms that Turkish law treats production and business secrets as legally protectable confidential interests.
The Turkish Commercial Code reinforces this approach through unfair competition rules. Article 54 states that deceptive conduct or commercial practices contrary to honest dealing in relationships between competitors or between suppliers and customers are unfair and unlawful. Article 55 then identifies as unfair competition, among other things, inducing employees, agents, or assistants to disclose or obtain their employer’s or principal’s production and business secrets, and unlawfully disclosing production and business secrets that were secretly, without authorization, or otherwise unlawfully obtained. These provisions show that Turkish law does not see confidential business information as protected only by contract. It also protects it through market-order rules.
This is important for NDA drafting. A well-drafted Turkish-law confidentiality clause should define protected information carefully and commercially, but it can do so against a legal background that already recognizes the value of production and business secrets. In other words, the NDA does not create secrecy protection from nothing; it usually strengthens, clarifies, and operationalizes protections that already have support in Turkish contract, employment, and unfair-competition law.
Core NDA Clauses Under Turkish Law
A strong NDA under Turkish law should address at least five structural points. The first is the definition of confidential information. Because Turkish law follows the parties’ real and common intention under Article 19, definitions should be drafted in a way that reflects what the parties actually mean to protect: technical information, business plans, financial material, pricing, source code, algorithms, prototypes, samples, customer data, non-public commercial terms, internal documentation, and information derived from those materials. The definition should also make clear whether oral disclosures are covered and whether follow-up confirmation is required.
The second is the permitted-use rule. An NDA should not merely say “do not disclose.” It should also state what the receiving party may do with the information. Common Turkish-law drafting logic would limit use to evaluating, negotiating, performing, or administering the relevant relationship. This matters because misuse can occur even without outward disclosure. Article 396’s employment secrecy rule explicitly prohibits not only disclosure but also use for one’s own benefit, which illustrates the broader Turkish-law concern with unauthorized internal use as well as external leakage.
The third is permitted disclosure. A Turkish NDA should state whether disclosure is allowed to affiliates, employees, professional advisers, auditors, financing sources, subcontractors, regulators, or courts, and under what controls. Because Article 112 of the Turkish Code of Obligations imposes damages liability for non-performance or improper performance unless the debtor proves lack of fault, and Article 116 generally makes a debtor responsible for damage caused by auxiliaries used in performance, careless onward disclosure by a receiving party’s employees or advisers can create real liability exposure.
The fourth is duration. Turkish law does not impose one universal confidentiality period for all commercial NDAs. The parties may therefore structure the duration contractually, but the duration should still be commercially and legally defensible. Some information may justify a limited secrecy period, while true trade secrets and business secrets may justify longer protection. Employment law offers a useful analogy: Article 396 continues the secrecy duty after termination only to the extent necessary to protect the employer’s legitimate interests, which reflects a proportionality logic Turkish courts are likely to find persuasive more broadly.
The fifth is return, deletion, and destruction. In Turkish practice, a confidentiality clause should address what happens at the end of negotiations or the relationship. This is especially important where materials were shared in digital form, integrated into work product, or held by third-party service providers. If the contract stays silent, the parties may end up disputing whether retention for compliance or backup reasons was permitted. Clear drafting reduces that risk and makes later proof easier under Turkish law’s general contract-liability framework.
Standard Terms, Boilerplate, and Unfair Clauses
A confidentiality clause is often presented as standard boilerplate, especially in platform contracts, supplier templates, HR documents, software terms, and procurement forms. Turkish law regulates these clauses through the rules on general transaction conditions in Articles 20 to 25 of the Turkish Code of Obligations. Article 20 defines pre-drafted standard terms broadly. Article 21 states that disadvantageous standard terms enter the contract only if the drafter clearly informs the other party, gives an opportunity to learn the terms, and obtains acceptance; otherwise they are treated as unwritten. Article 23 interprets unclear standard terms against the drafter. Article 24 treats one-sided amendment powers as unwritten. Article 25 prohibits standard terms that worsen the other party’s position contrary to good faith.
This matters because overbroad confidentiality boilerplate can become vulnerable in Turkey. Clauses that define confidential information so widely that they cover everything without meaningful limit, allow the drafter to change confidentiality obligations unilaterally, or impose unbalanced burdens may face scrutiny under Articles 21 to 25. The law is especially skeptical where one side tries to hide disadvantageous obligations inside unreadable standard text. Turkish law allows boilerplate, but it does not allow boilerplate by ambush.
If the contract is consumer-facing, the scrutiny becomes even stronger. The Law on Consumer Protection states that unfair non-negotiated terms creating an imbalance against the consumer contrary to good faith are absolutely void, while the rest of the contract remains valid. It also requires consumer-facing written terms to be clear and comprehensible, with ambiguity interpreted in favor of the consumer. So a confidentiality clause inserted into a consumer platform contract or subscription relationship cannot safely assume that ordinary business drafting logic will automatically survive Turkish consumer-law review.
Confidentiality in Employment Relationships
Turkish law contains one of its clearest confidentiality rules in the employment chapter of the Turkish Code of Obligations. Article 396 requires the employee to perform the work carefully and act loyally in protecting the employer’s legitimate interests. It then expressly states that the employee may not use for personal benefit or disclose information learned during the work, especially production and business secrets, during the employment relationship and, to the extent necessary to protect the employer’s legitimate interests, after the relationship ends.
This is highly significant for employers in Turkey. It means confidentiality protection in employment does not depend solely on signing an NDA. The statutory duty already exists. A separate NDA remains useful because it can define the information categories, set return procedures, regulate records, describe disclosure channels, and specify remedies, but it operates on top of an existing legal duty of loyalty and secrecy.
Employers should also keep confidentiality separate from post-employment non-compete obligations. Article 444 allows a written post-employment non-compete only if the employee had access to customer circles, production secrets, or business information and if use of that knowledge could seriously harm the employer, while Article 445 limits the clause by place, time, and type of work and generally caps duration at two years absent special circumstances. A confidentiality clause is usually broader in time and narrower in functional impact than a non-compete, and Turkish law treats them differently.
Trade Secrets, Unfair Competition, and Market Remedies
One of the strongest features of Turkish law in this field is that confidentiality breaches may trigger not only contract claims but also unfair competition remedies. Article 55 of the Turkish Commercial Code treats inducing employees or agents to disclose or obtain production and business secrets as unfair competition, and it separately treats the unlawful disclosure of production and business secrets as dishonest conduct. Article 56 then allows persons whose customers, credit, professional reputation, commercial activity, or other economic interests are harmed or threatened to seek a declaration that the act is unlawful, cessation of the unfair competition, removal of its consequences, correction of false or misleading statements, destruction of tools or goods where necessary, damages if fault exists, and even moral damages where the conditions are met.
Turkish law also permits interim protection. Article 61 authorizes courts, upon request of the person entitled to sue, to preserve the existing situation, remove the material consequences of unfair competition, prevent unfair competition, correct misleading statements, and order other measures through the rules on interim injunctions. This is especially important in confidentiality and trade-secret disputes because damages after the leak may not be enough. Once proprietary information is widely disclosed, the commercial harm can become irreversible. Turkish law recognizes that reality by making provisional relief available in the unfair-competition setting.
There is also a criminal dimension in some unfair competition cases. Article 62 provides that intentionally committing one of the unfair competition acts listed in Article 55, and deceiving employees, agents, or assistants so as to obtain production or trade secrets, can lead to imprisonment of up to two years or a judicial fine upon complaint, unless a more serious offense applies. For NDA disputes, this means that serious trade-secret abuse may move beyond private contractual remedies into the field of criminal exposure.
Personal Data and Confidentiality
Where confidential information includes personal data, an NDA is not enough on its own. The Personal Data Protection Law applies to personal data processed wholly or partly by automated means, or by non-automated means forming part of a data filing system. It requires personal data to be processed lawfully and fairly, for specified and legitimate purposes, and in a manner that is relevant, limited, and proportionate. As a rule, personal data may not be processed without explicit consent unless a statutory basis exists, including where processing of the parties’ personal data is necessary and directly related to the establishment or performance of a contract, or where processing is necessary for the establishment, exercise, or protection of a right. The law also imposes an information obligation on data controllers.
This is critically important in Turkish NDA practice because many confidentiality arrangements cover HR data, customer information, contact details, clinical data, platform-user information, or deal-room documents containing personal data. A confidentiality clause can strengthen restricted-use obligations, but it cannot replace compliance with the Personal Data Protection Law. In other words, if personal data is being disclosed under an NDA, the parties still need a lawful processing basis, proper transparency, and compliance with Turkish data-protection principles.
Remedies for Breach of Confidentiality
The basic contract-liability rule appears in Article 112 of the Turkish Code of Obligations. If the obligation is not performed at all or is not performed properly, the debtor must compensate the creditor’s loss unless the debtor proves that no fault is attributable to it. Article 113 allows substitute performance and removal of the contrary state for obligations to do or not to do something, while Article 114 states that the debtor is generally liable for every degree of fault. Article 115 makes advance exclusions of gross-fault liability invalid, and Article 116 generally holds the debtor responsible for auxiliaries used in performance. In confidentiality disputes, these provisions support claims for damages, responsibility for leaks caused by employees or advisers, and resistance to sweeping disclaimer language.
Turkish law also allows penalty clauses. Article 179 states that where a penalty is agreed for non-performance or improper performance, the creditor may generally demand either the principal obligation or the penalty, while delay penalties may in appropriate cases be claimed together with the principal obligation. Article 180 states that the agreed penalty is payable even if the creditor suffered no damage. Article 182 allows the parties to set the amount freely but empowers the judge to reduce an excessive penalty. For NDAs, this means a contractual penalty can be a useful enforcement tool, but it should be calibrated carefully and drafted with Turkish law’s reduction power in mind.
In addition, unfair competition law can supply a parallel track of relief, including injunction-type orders and corrective measures under Articles 56 and 61 of the Turkish Commercial Code. In serious cases, this route may be more useful than ordinary damages litigation because it focuses on stopping or reversing the misuse of secrets quickly.
Practical Drafting Lessons
A strong Turkish-law NDA should define confidential information precisely, tie permitted use to a specific purpose, regulate onward disclosure carefully, require security measures proportionate to the information involved, and state what happens at the end of the relationship. It should also address whether the receiving party may keep archival copies for compliance, how legally compelled disclosure will be handled, and whether any information categories are excluded because they were already public, already known, independently developed, or lawfully received from a third party. These are not statutory phrases, but they are practical drafting lessons that follow from the Turkish-law emphasis on clarity, real common intention, and enforceable scope.
If the NDA is used in an employment setting, it should be coordinated with Article 396 and should not casually merge into a non-compete without respecting Article 444 and Article 445. If it is used in a mass-market or standard-form setting, it should be drafted with Articles 20 to 25 in mind. If it covers personal data, it should be aligned with the Personal Data Protection Law rather than assuming confidentiality language alone is enough. And if trade secrets are central, parties should think in advance about the possibility of unfair-competition claims, interim measures, and evidence preservation.
Conclusion
Confidentiality clauses and non-disclosure agreements in Turkey are generally enforceable, but their strength comes from correct integration into the wider Turkish legal framework rather than from a single NDA statute. Turkish law supports confidentiality through freedom of contract, good faith, employee loyalty and secrecy duties, unfair competition protection for production and business secrets, and personal-data rules where applicable. At the same time, Turkish law disciplines overbroad drafting through invalidity limits, standard-term controls, consumer protections, and judicial oversight of remedies such as penalty clauses.
The practical takeaway is straightforward. In Turkey, the best NDA is not the longest one. It is the one that defines the protected information clearly, matches the parties’ real commercial purpose, aligns with employment and data-protection rules where relevant, and gives the aggrieved party a realistic path to injunctions, damages, and contractual penalties if a breach occurs.
FAQ
Are NDAs valid under Turkish law?
Yes, generally. Turkish law recognizes freedom of contract under Article 26 of the Turkish Code of Obligations, and ordinary confidentiality obligations are generally enforceable unless they violate the limits in Article 27 or are otherwise defective under Turkish law.
Does an NDA have to be in writing in Turkey?
Usually not as a strict validity rule, because Article 12 adopts freedom of form unless the law provides otherwise. But a written NDA is strongly advisable for proof, scope, and enforcement reasons. Secure electronic signatures are generally recognized as equivalent to handwritten signatures under Articles 14 and 15 of the Turkish Code of Obligations and the Electronic Signature Law, subject to statutory exclusions.
Are trade secrets protected even without an NDA?
Yes, to an important extent. Article 396 protects production and business secrets in employment relationships, and Articles 54, 55, 56, 61, and 62 of the Turkish Commercial Code protect against unfair competition involving unlawful acquisition or disclosure of production and business secrets and provide civil and, in some cases, criminal consequences.
Can an employee’s confidentiality duty continue after termination?
Yes. Article 396 states that, to the extent necessary to protect the employer’s legitimate interests, the employee remains obliged to keep secrets even after the employment relationship ends.
Is a confidentiality clause the same as a non-compete clause in Turkey?
No. A confidentiality clause protects information from unauthorized use or disclosure. A post-employment non-compete is separately regulated in Article 444 and limited by Article 445, including written-form, scope, and duration controls.
Can Turkish courts stop a confidentiality breach quickly?
Yes, potentially. In unfair-competition settings, Article 61 of the Turkish Commercial Code allows interim measures, and Article 56 allows actions for cessation, removal of consequences, correction, damages, and related relief.
Is an NDA enough when personal data is involved?
No. If the confidential information includes personal data, the Personal Data Protection Law still applies. Processing must be lawful and fair, based on a valid legal ground, and the data controller’s information obligations remain relevant.
Yanıt yok