Introduction
Insurance technology, commonly known as InsurTech, is transforming the insurance sector in Turkey. Digital platforms now help consumers compare policies, purchase insurance online, submit claims through mobile applications, upload accident documents, receive automated risk scores, use telematics-based motor insurance, access embedded insurance at checkout, and manage policy renewals without visiting a physical branch. For insurers, agencies, brokers, fintech companies, e-commerce platforms, banks, and software providers, InsurTech creates major commercial opportunities.
However, InsurTech is not merely a technology business. In Turkey, insurance activity is a regulated field. A company that sells, intermediates, markets, compares, distributes, or administers insurance products may trigger insurance law, agency law, brokerage law, consumer protection rules, data protection obligations, cybersecurity duties, distance sales requirements, advertising restrictions, and liability risks. The legal structure depends on the platform’s exact role: insurer, agent, broker, comparison platform, lead generator, embedded insurance partner, claims technology provider, software vendor, or data analytics provider.
The main legislative framework is Insurance Law No. 5684, which regulates the commencement of operations, management, organization, operating principles, termination, and supervision of parties subject to insurance law. Insurance contracts are also governed by the Sixth Book of the Turkish Commercial Code No. 6102, where Article 1401 defines an insurance contract as a contract under which the insurer promises, in exchange for a premium, to indemnify a loss caused by the materialization of a risk or to make payment upon certain events such as the occurrence of a life event.
The principal regulator is the Insurance and Private Pension Regulation and Supervision Authority, known in Turkish as SEDDK and in English as the Insurance and Private Pension Regulation and Supervision Authority or IPRSA. SEDDK regulates and supervises the insurance and private pension sector, including insurers, reinsurers, agencies, brokers, digital sales structures, distance insurance contracts, internal systems, and sector conduct. The SEDDK 2021 Annual Report records that the Regulation on Activities to be Considered under the Scope of Insurance and Distance Insurance Contracts was published in the Official Gazette dated 16 June 2021 and No. 31513, clarifying distance communications and digital insurance sales.
This article explains the legal framework for InsurTech platforms in Turkey, including digital insurance sales, online agencies, brokers, embedded insurance, comparison websites, AI underwriting, claims automation, telematics, health data, cybersecurity, KVKK compliance, consumer protection, and liability risks.
1. What Is InsurTech?
InsurTech means the use of technology to improve, automate, distribute, price, manage, or administer insurance products and services. It covers a wide range of business models. Some InsurTech companies are licensed insurance intermediaries. Others provide software to insurers. Some platforms only generate customer leads. Others sell insurance policies directly through digital channels. Some use artificial intelligence for underwriting or claims assessment. Others use telematics, wearable devices, or mobile applications to personalize insurance pricing.
Common InsurTech models include:
Online insurance sales platforms
Insurance comparison websites
Digital insurance agencies
Digital insurance brokers
Embedded insurance at e-commerce checkout
Mobile claims notification applications
AI-based underwriting tools
Telematics-based motor insurance
Usage-based insurance
Parametric insurance solutions
Health insurance apps
Travel insurance add-ons
Device insurance at point of sale
Cyber insurance assessment tools
Insurance CRM and policy administration software
Claims automation and fraud detection tools
Open insurance and data-sharing models
The key legal issue is whether the company is merely providing technology or whether it is performing regulated insurance activity. A software vendor that provides internal claims management software to an insurer may have a different legal status from a platform that offers policy comparison, collects user data, receives commission, and directs consumers to purchase specific insurance products.
2. Main Legal Sources for InsurTech in Turkey
InsurTech platforms in Turkey may be affected by multiple legal sources.
The first source is Insurance Law No. 5684. This law regulates insurers, reinsurers, insurance intermediaries, agencies, brokers, loss adjusters, actuaries, supervision, sanctions, and general insurance market structure.
The second source is the Turkish Commercial Code, especially the Sixth Book on insurance law. It governs insurance contracts, policyholder obligations, insurer obligations, risk disclosure, claims, premium payment, subrogation, and special types of insurance. Article 1401 provides the general definition of an insurance contract.
The third source is SEDDK secondary legislation. This includes regulations on insurance agencies, insurance and reinsurance brokers, distance insurance contracts, insurance contracts concluded in favor of consumers, private health insurance, internal systems, financial reporting, and sector-specific products. SEDDK’s 2024–2028 Strategic Plan notes that the regulation on distance insurance contracts aimed to clarify distance selling to meet the differentiated demands of consumers and the needs of insurance companies and intermediary institutions.
The fourth source is Law No. 6698 on the Protection of Personal Data, known as KVKK. The official English text states that the law’s purpose is to protect fundamental rights and freedoms, particularly privacy, and to set binding obligations for persons processing personal data. This is critical for InsurTech because insurance platforms process identity data, contact data, vehicle data, health data, accident records, location data, financial data, claims files, device data, and sometimes biometric or wearable data.
The fifth source is consumer protection and distance sales rules. Digital insurance sales involve pre-contractual information, online acceptance, policy delivery, cancellation or termination rights, complaint channels, and transparency of coverage exclusions.
3. SEDDK’s Role in Digital Insurance
SEDDK is central to InsurTech regulation. It supervises insurance companies, reinsurance companies, insurance agencies, insurance brokers, loss adjusters, actuaries, and private pension institutions. It also issues regulations and guidance affecting digital insurance distribution, distance sales, internal controls, product conduct, reporting, and market supervision.
SEDDK has recognized digital transformation in the insurance sector. Its 2021 Annual Report states that distance insurance regulation clarified the definition of distance communications, limited who may conclude insurance contracts through distance communications, and permitted competent authorities to sell through their own electronic media while advertising on certain electronic trading platforms. It also states that competent authorities must take safety precautions specified in legislation on payment systems during premium collection for distance insurance contracts.
This is important for InsurTech platforms because digital insurance sales must be structured around authorized parties. A platform should not allow unauthorized persons or entities to conclude insurance contracts, collect premiums, or act as if they are licensed insurance intermediaries.
4. Digital Insurance Sales and Distance Insurance Contracts
Digital insurance sales are legally possible in Turkey, but they are regulated. Online sales may be conducted through the electronic media of competent entities, and the process must comply with insurance law, distance insurance rules, consumer protection principles, data protection requirements, and payment security expectations.
A compliant digital insurance sales journey should address:
Identity of the insurer
Identity and authority of the intermediary
Type of insurance product
Coverage limits
Exclusions
Premium amount
Payment method
Policy start date
Cancellation or termination rules
Claims notification process
Consumer information form
Distance sales acceptance record
Electronic policy delivery
Data processing notice
Complaint channels
The legal risk is especially high where an InsurTech platform operates as a comparison website or embedded insurance interface. If the consumer believes the platform is the insurer or licensed intermediary, but the platform is actually only a technology provider, confusion may create liability. The platform must clearly disclose its role.
5. Insurance Agencies and Online Agency Models
Insurance agencies are one of the most important distribution channels in Turkey. A digital agency may sell policies online, communicate through websites or mobile applications, collect documents electronically, and manage renewals. However, online operation does not remove agency licensing and qualification requirements.
Insurance agencies must comply with SEDDK rules on authorization, technical personnel, capital, conduct, website disclosures, representation authority, and reporting. In 2025, SEDDK amended the Regulation on Insurance Agencies. Legal updates report that the amendments increased minimum paid-in capital requirements, updated technical personnel criteria, and clarified managerial responsibilities.
This matters for InsurTech startups because “digital-only” agency models may require stronger capital and organizational planning than a simple software startup. An online agency that sells policies through distance channels should verify its current minimum capital, equity, technical personnel, website disclosure, and authorization obligations before launch.
A digital agency should also ensure that its website and app correctly disclose the insurance companies it represents and the scope of its authority. Misleading consumers about agency authority can create regulatory and civil liability.
6. Insurance Brokers and Digital Brokerage Platforms
Insurance brokers represent the policyholder’s interests rather than acting as an agent of a specific insurer. Brokers help clients analyze risks, obtain offers from insurers, compare coverage, negotiate terms, and place insurance. A digital broker may use online questionnaires, risk analytics, automated comparison tools, and electronic communications to serve clients.
The Regulation on Insurance and Reinsurance Brokers states that its purpose is to determine the framework of brokerage activities and the fundamental principles of such activities. A digital platform that provides brokerage-like services should not operate without considering broker licensing and conduct requirements.
A platform may be closer to brokerage if it:
Analyzes the client’s insurance needs
Compares multiple insurers in the client’s interest
Recommends specific coverage
Negotiates policy terms
Receives brokerage commission
Advises corporate clients on insurance structure
Claims to be independent from insurers
Provides risk consulting linked to policy placement
A website that merely lists general insurance information may not be a broker. However, if it evaluates customer needs and recommends insurance products, brokerage or agency rules may apply depending on its relationship with insurers and customers.
7. Insurance Comparison Websites
Insurance comparison websites are common InsurTech models. They allow users to compare motor, health, travel, property, device, liability, or other insurance products. The legal risk depends on whether the platform is only displaying information, acting as a lead generator, or actually intermediating insurance sales.
A comparison website should clarify:
Whether it is licensed
Whether it is an agency, broker, or technology provider
Which insurers are included
Whether all market products are compared or only partner products
How rankings are determined
Whether commission affects ranking
Whether the customer can purchase directly through the platform
Who issues the policy
Who collects the premium
Who handles cancellations and claims
How personal data is processed
A major risk is misleading neutrality. If a platform presents itself as independent but ranks products according to commission revenue or commercial partnership, consumer protection and unfair commercial practice issues may arise. Transparency is essential.
8. Embedded Insurance
Embedded insurance means offering insurance as part of another purchase journey. For example, a consumer buying a phone may be offered device insurance at checkout. A travel platform may offer travel insurance during booking. A car rental website may offer additional coverage. An e-commerce platform may offer shipment, return, warranty, or accident insurance.
Embedded insurance is commercially powerful because insurance is offered at the point of need. However, it creates legal risks:
Is the e-commerce platform authorized to sell insurance?
Is the insurance optional or bundled unfairly?
Is the consumer clearly informed?
Who is the insurer?
Who is the intermediary?
Is commission disclosed where necessary?
Can the consumer review policy terms before purchase?
How is consent obtained?
How is premium collected?
How are cancellations handled?
How are claims submitted?
The SEDDK distance insurance framework is relevant because it recognizes insurance sales through electronic channels and requires competent entities to follow rules for distance communication and premium collection safety. Embedded insurance should therefore be structured through authorized insurers or intermediaries, not merely through an ordinary merchant checkout process.
9. InsurTech and Payment Collection
Digital insurance platforms often collect premiums online. Premium collection may involve cards, bank transfers, payment institutions, electronic money institutions, recurring payments, installment plans, or embedded checkout flows.
Premium collection creates several legal risks:
Payment security
Authorization to collect premiums
Refunds and cancellations
Chargebacks
Installment payment disputes
Consumer claims after failed payment
Policy activation timing
Data security
Use of third-party payment service providers
Reconciliation between insurer, intermediary, and platform
SEDDK’s 2021 Annual Report specifically notes that competent authorities must take safety precautions specified in applicable payment systems legislation during premium collection for distance insurance contracts. Therefore, InsurTech platforms should design payment flows carefully and coordinate with licensed payment service providers where necessary.
A platform should not treat premium collection as a simple e-commerce payment. Premium payment may determine whether coverage begins, whether the policy is active, and whether claims are payable.
10. AI-Based Underwriting
Artificial intelligence is increasingly used in insurance underwriting. AI systems may evaluate customer risk, price policies, detect fraud, segment customers, estimate claim probability, analyze driving behavior, review medical data, or automate acceptance decisions.
AI underwriting creates legal risks:
Unfair discrimination
Use of inaccurate data
Opaque risk scoring
Lack of human review
Improper processing of health data
Use of excessive personal data
Misleading price personalization
Bias in training data
Failure to explain rejection or premium increase
Vendor algorithm errors
Data security problems
In Turkey, AI underwriting must be evaluated under insurance law, consumer protection, anti-discrimination principles, KVKK, and sector-specific product rules. Health insurance underwriting is especially sensitive because health data is special category personal data. A platform using automated health questionnaires, wearable data, or medical history must comply with strict KVKK requirements.
AI should not become an unreviewable black box. Insurers and intermediaries should document model design, data sources, validation, risk factors, human oversight, and complaint procedures.
11. Claims Automation and Digital Loss Assessment
Claims automation is one of the most attractive InsurTech areas. Customers may upload photos, accident reports, invoices, hospital documents, repair estimates, location data, or videos through a mobile app. AI systems may classify claims, estimate damage, detect fraud, and propose settlement amounts.
However, automated claims handling creates legal responsibility. The insurer remains responsible for proper claim assessment. If the platform underestimates loss, rejects valid claims, fails to consider documents, or delays processing, policyholders may challenge the decision.
Digital claims systems should address:
Secure document upload
Identity verification
Claim notification timestamp
Evidence preservation
Human review for disputed claims
Fraud detection safeguards
Explanation of rejection reasons
Appeal procedure
Expert or loss adjuster involvement where required
Data retention
Data breach response
Audit trail
A claims technology provider should also clarify whether it only supplies software or whether it participates in claims decision-making. If the provider affects claim outcomes, contractual liability and regulatory scrutiny may increase.
12. Telematics and Usage-Based Insurance
Telematics-based insurance uses driving data, vehicle sensors, GPS, mobile applications, or connected devices to price motor insurance or reward safer driving. Usage-based insurance may calculate premiums based on distance, driving behavior, speed, braking, time of use, location, or vehicle condition.
Telematics creates strong data protection issues. Location and behavior data can reveal private life, travel patterns, work routines, family habits, and risk behavior. Under KVKK, personal data processing must be lawful, specific, proportionate, and secure.
A telematics insurance model should explain:
What data is collected
Whether GPS is collected continuously
How driving scores are calculated
Whether data affects premiums
Whether data is shared with insurers, agencies, or third parties
Whether data is used for claims investigation
How long data is stored
How users can access or object to data processing
Whether explicit consent is required
How data is secured
What happens after policy termination
Telematics can improve pricing fairness, but it can also become excessive surveillance if not designed carefully.
13. Health InsurTech and Sensitive Data
Health InsurTech platforms may support private health insurance, supplementary health insurance, remote claims, hospital network searches, digital pre-authorization, wellness programs, chronic disease monitoring, wearable-device integration, or medical expense reimbursement.
Health data is highly sensitive. KVKK treats health data as special category personal data. Processing health data requires stricter legal basis analysis, security measures, access controls, confidentiality, retention discipline, and vendor management.
Legal risks include:
Collecting excessive medical information
Using health data for marketing
Sharing health data with unauthorized parties
Processing wearable data without clear consent
Automated rejection based on medical history
Data breach involving medical records
Unclear retention of health claims files
Cross-border transfer to foreign cloud providers
Use of AI in diagnosis-related insurance processes
Confusion between healthcare service and insurance service
In 2025, legal updates also noted amendments to the Private Health Insurance Regulation, due to enter into force on 1 January 2026, introducing clearer rules on processing, retention, and disclosure of health data. Health InsurTech projects should therefore review current SEDDK and KVKK requirements before launch.
14. KVKK Compliance for InsurTech Platforms
KVKK compliance is one of the most important legal requirements for InsurTech platforms. Insurance is data-intensive. Platforms may process identity data, contact data, vehicle information, property data, health data, payment information, claims documents, photographs, location data, device data, accident history, family information, beneficiary data, and financial data.
InsurTech KVKK compliance should include:
Privacy notices
Data processing inventory
Lawful basis analysis
Explicit consent where required
Special category data procedures
Data minimization
Retention and deletion policies
Data processing agreements
Cross-border transfer assessment
Data subject request procedures
Cybersecurity measures
Access control
Breach response plan
Vendor due diligence
Insurance platforms should not collect all possible data simply because more data may improve pricing. Data collection must be linked to a specific, legitimate, and proportionate purpose.
15. Cybersecurity in InsurTech
InsurTech platforms store valuable data and documents. A cyber incident may expose insurance policies, ID documents, health records, claims files, vehicle data, home addresses, payment information, and family information. This may lead to KVKK complaints, regulatory scrutiny, customer claims, reputational harm, and contractual liability.
InsurTech cybersecurity should include:
Secure software development
Encryption
Strong authentication
Role-based access control
Secure document upload
API security
Vendor security review
Penetration testing
Incident response
Business continuity
Data backup
Audit logs
Employee training
Cloud security assessment
Access monitoring
Cybersecurity is especially important where the platform connects insurers, agencies, brokers, hospitals, repair shops, payment providers, call centers, and cloud vendors. Each integration creates a potential risk point.
16. Open Insurance and Data Sharing
Open insurance is an emerging concept inspired by open banking. It may involve sharing insurance data through APIs between insurers, intermediaries, consumers, and third-party service providers. Potential use cases include policy dashboards, claims automation, personalized risk analysis, renewal comparison, embedded insurance, and multi-insurer account management.
Turkey does not yet have a fully developed open insurance regime comparable to open banking. However, InsurTech platforms already use APIs and data-sharing arrangements. These must comply with insurance law, KVKK, cybersecurity, confidentiality, contractual restrictions, and consumer consent requirements.
Key questions include:
Who controls the insurance data?
Can policy data be shared with third parties?
Has the customer consented?
Is health data involved?
Are APIs secure?
Who is liable for incorrect data?
Can data be used for marketing?
How is access revoked?
How long is shared data retained?
Are foreign vendors involved?
Open insurance may create innovation, but it requires careful legal architecture.
17. Consumer Protection and Digital Insurance
Digital insurance platforms must protect consumers from misleading information, hidden exclusions, unclear coverage, unfair bundling, aggressive sales, confusing renewal terms, and improper claims handling.
A consumer-facing digital insurance journey should ensure:
Clear product explanation
Clear premium amount
Coverage limits
Exclusions and waiting periods
Policy documents before or immediately after purchase
Information on insurer and intermediary
Cancellation and termination rules
Claim notification instructions
Complaint channels
Data protection notice
No misleading comparison rankings
No forced bundled insurance
No hidden commission-driven recommendations
Insurance products can be legally and technically complex. A mobile app should not oversimplify them in a way that misleads the consumer.
18. Advertising and Influencer Marketing
InsurTech platforms frequently use digital advertising, social media, search engine campaigns, influencers, affiliate links, and referral programs. Insurance advertising must be accurate, fair, and consistent with policy terms.
Risky statements include:
“Guaranteed claim payment”
“Cheapest insurance in Turkey” without basis
“Full coverage” where exclusions exist
“No medical questions” where underwriting applies
“Instant approval” where insurer review is needed
“Independent comparison” where only partners are listed
“Best policy” without objective criteria
“Free insurance” where cost is embedded in product price
Influencer campaigns are risky if the influencer appears to provide insurance advice or recommends a policy without authorization. Referral programs should also clarify whether the referrer is authorized to intermediate insurance sales.
19. Cross-Border InsurTech Platforms
Foreign InsurTech platforms may be interested in serving Turkish customers. This creates regulatory risk. Turkey generally restricts non-admitted insurance for risks located in Turkey, subject to exceptions. Legal commentary on non-admitted insurance notes that, as a general rule, persons domiciled in Turkey must use insurance companies admitted in Turkey to cover insurable interests in Turkey, subject to limited exceptions under the Insurance Law.
Foreign platforms should review Turkish law if they:
Target Turkish residents
Sell insurance covering Turkish risks
Use Turkish-language marketing
Accept Turkish lira payments
Work with Turkish agencies or brokers
Compare policies for Turkish consumers
Provide customer support in Turkish
Process Turkish customer data
Offer embedded insurance to Turkish e-commerce users
Use Turkish influencers or ads
A foreign license does not automatically authorize insurance distribution in Turkey. Local regulatory analysis is essential.
20. Platform Liability
InsurTech platform liability depends on the platform’s actual role. A platform may be liable as an insurer, agent, broker, software provider, data processor, data controller, advertiser, claims administrator, or contractual intermediary.
Potential liability may arise from:
Unauthorized insurance intermediation
Misleading product comparison
Failure to disclose insurer identity
Incorrect premium calculation
Failure to deliver policy documents
Failure to process cancellation
Incorrect claims guidance
Data breach
Unlawful health data processing
AI underwriting errors
Claims automation errors
Payment collection failures
Misleading advertising
Failure to preserve electronic records
Unfair consumer terms
The platform’s terms of use should match reality. A platform cannot claim to be a neutral technology provider if it actually recommends products, collects premiums, receives commission, and manages customer communication.
21. Contracts for InsurTech Platforms
InsurTech businesses need strong contracts. Depending on the model, these may include:
Insurer-platform agreement
Agency agreement
Brokerage agreement
Software-as-a-service agreement
API integration agreement
Claims technology agreement
Embedded insurance partnership agreement
Payment service agreement
Data processing agreement
Cybersecurity addendum
Consumer terms of use
Privacy notice
Commission agreement
Service level agreement
Complaint handling protocol
Contracts should allocate responsibility for licensing, consumer disclosures, premium collection, policy issuance, cancellation, claims, data protection, cybersecurity, regulatory reporting, complaints, and liability.
22. Practical Compliance Checklist for InsurTech Platforms in Turkey
An InsurTech platform should consider:
Classify the business model before launch.
Determine whether the platform is an insurer, agent, broker, comparison site, lead generator, or software provider.
Review SEDDK licensing and authorization requirements.
Review agency or broker rules if insurance products are sold or recommended.
Structure distance insurance sales according to applicable rules.
Prepare clear consumer disclosures.
Disclose insurer and intermediary identity.
Review premium collection and payment security.
Prepare KVKK privacy notices.
Assess special category data, especially health data.
Review telematics and location data processing.
Review AI underwriting and claims automation.
Implement cybersecurity controls.
Prepare complaint handling procedures.
Review advertising and influencer campaigns.
Draft contracts with insurers, agencies, brokers, vendors, and payment providers.
Preserve electronic acceptance and policy records.
Monitor SEDDK, KVKK, consumer law, and payment regulation updates.
This checklist must be adapted to the exact model. A digital insurance agency, broker platform, comparison website, embedded insurance checkout, telematics provider, health InsurTech app, and claims automation vendor have different obligations.
Why Legal Support Is Important
InsurTech law in Turkey combines insurance regulation, agency and brokerage law, commercial law, consumer protection, data protection, cybersecurity, payment law, advertising rules, and contract law. A platform that looks like a simple mobile app may in fact be performing regulated insurance intermediation.
A fintech and insurance lawyer can assist with:
InsurTech regulatory classification
SEDDK licensing analysis
Digital agency structuring
Brokerage compliance
Distance insurance sales review
Embedded insurance contracts
Insurance comparison platform review
KVKK compliance
Health data processing analysis
AI underwriting governance
Claims automation liability review
Cybersecurity and vendor contracts
Advertising compliance
Cross-border InsurTech analysis
Consumer dispute strategy
Regulatory correspondence
Legal review should begin before launch. Once customers have purchased policies through a non-compliant digital flow, remediation may require regulatory notification, contract revision, consumer communication, data deletion, and partner renegotiation.
Conclusion
InsurTech platforms in Turkey offer major opportunities for digital transformation in insurance. Online policy sales, embedded insurance, comparison platforms, telematics, AI underwriting, claims automation, health insurance apps, and open insurance models can make insurance more accessible, efficient, and personalized.
However, insurance is a regulated sector. The main framework is Insurance Law No. 5684, the Turkish Commercial Code’s insurance provisions, SEDDK secondary legislation, KVKK, distance sales rules, consumer protection principles, and cybersecurity obligations. Digital operation does not remove licensing, disclosure, conduct, and data protection duties.
The key legal question is the platform’s role. Is it an insurer, agent, broker, comparison platform, lead generator, claims administrator, software vendor, or embedded insurance partner? The answer determines licensing, liability, contracts, data obligations, and consumer disclosure requirements.
A legally sound InsurTech platform should be transparent about insurer identity, intermediary authority, coverage terms, exclusions, premiums, claims process, data use, and complaint channels. It should protect personal data, especially health and telematics data. It should use AI responsibly, preserve electronic records, secure payment flows, and avoid misleading marketing.
Turkey’s insurance sector is moving toward greater digitalization, and SEDDK has already regulated distance insurance contracts and digital sales channels. The companies that succeed will be those that combine innovation with regulatory discipline, consumer trust, data protection, cybersecurity, and strong legal architecture.
Yanıt yok