Remote Identification Regulation for Crypto Asset Service Providers and Artificial Intelligence-Based Methods

The Communiqué on Amendments to the Communiqué (III-42.1) on Remote Identification Methods to Be Used by Brokerage Firms, Portfolio Management Companies and Crypto Asset Service Providers and on the Establishment of Contractual Relationships in an Electronic Environment (III-42.1.a) (the “Communiqué”), issued by the Capital Markets Board (“CMB”), was published in the Official Gazette dated 28 February 2026 and entered into force on its publication date.

Crypto Asset Service Providers Now Within Scope

With the amendment, the scope of the Communiqué has been expanded to include crypto asset service providers. Accordingly, the Communiqué now regulates:

• The remote identification methods that may be used for new customer onboarding,
• The procedures and principles governing the establishment of contractual relationships with customers in an electronic environment.

Artificial Intelligence-Based Identification

The Communiqué permits the use of artificial intelligence-based methods in remote identification processes. Where identification procedures are conducted solely through artificial intelligence, without the involvement of personnel, compliance with the security principles set out in Article 4/9 of the Financial Crimes Investigation Board General Communiqué (Serial No: 19) is mandatory as a minimum requirement.

Accordingly, remote identification processes utilizing artificial intelligence must be conducted online and in real time; video verification must be completed uninterruptedly through end-to-end secure communication; and the integrity and confidentiality of audio-visual communication must be ensured. The obliged entity must verify that the applicant is a real person and confirm that the presented identity document belongs to the applicant by comparing the photograph on the identity document with the live image.

If artificial intelligence is used for facial comparison, or if the process is conducted entirely on an AI basis without a customer representative, a report issued by the Turkish Standards Institution (“TSI”) demonstrating that the algorithm’s false acceptance rate is below 1/10,000,000 must be obtained. Where the service is procured from a foreign-based organization holding an internationally recognized accreditation, a TSI report may not be required.

Supervisory Framework

Additionally:

• Individuals whose identities are verified through remote identification will be subject to a differentiated risk monitoring profile,
• Additional security and control mechanisms will be applied depending on the type and amount of the transaction,
• In transactions giving rise to obligations for individuals or third parties, the burden of proof in the event of an objection will rest with the relevant institution.

The CMB is authorized to determine the procedures and principles applicable to brokerage firms, portfolio management companies and crypto asset service providers that utilize artificial intelligence methods and, where deemed necessary, to restrict or suspend the remote identification practice.

With this amendment, remote customer onboarding and electronic contracting processes of crypto asset service providers have been explicitly incorporated into the regulatory framework. While the use of artificial intelligence is permitted, compliance with minimum anti-money laundering (AML) and security standards is mandatory for these processes.