Artificial Intelligence · 38 min read · May 27, 2026

KVKK's Agentic AI Guidance and the 15-Question Framework: A DPIA Template for Turkish Companies (2026)

KVKK's March 12, 2026 Agentic AI guidance redefines multi-step data processing, deepened black-box concerns, and responsibility allocation for agentic AI systems. Includes the 15-question assessment framework, a 7-step DPIA template, agentic-AI-specific risks, and banking and e-commerce case studies — a complete implementation guide for Turkish DPOs.

Şükrü Yusuf KAYA
AI Expert · Enterprise AI Consultant

On March 12, 2026, the Personal Data Protection Authority (KVKK) of the Republic of Türkiye published guidance specific to Agentic AI systems. This document is the natural continuation of KVKK's Generative AI Guidance of September 22, 2024 — but substantively more critical. Reason: agentic AI systems, unlike classic generative AI, make autonomous decisions, perform multi-step operations, interact with external systems, and process data dynamically rather than statically.

Definition: Agentic AI
An AI system that, given a goal, (1) plans to reach the goal, (2) uses tools, (3) sends and receives data via external APIs, (4) evaluates intermediate results and can modify its own plan, (5) sometimes invokes sub-agents. Unlike classic prompt-response LLMs, agentic AI makes autonomous decisions and processes data dynamically rather than statically.
Also known as: AI Agent, Autonomous AI

The guidance opens with a critical premise: agentic AI systems generate three problems that classic DPIA structures fail to address.

  1. Multi-step distributed data processing. Classic AI systems follow "ingest → process → output." Agentic AI follows "ingest → decide → call tool → gather new data → decide → call another tool..." — an N-step flow. Each step is a separate processing activity — how does a DPIA combine these into a single analysis?

  2. Deepened black-box concern. Classic LLMs were already black boxes, but they made a single decision. Agentic AI generates a decision chain; auditing each link is extraordinarily difficult.

  3. Blurred responsibility allocation. Foundation model provider (Anthropic, OpenAI), agent orchestrator (LangChain, AutoGen), deployer (the company), sub-processor (third-party APIs) — personal data flows through all of them. Who is the KVKK controller?

KVKK's Agentic AI Guidance (March 2026) has five main sections:

  • Section A. Definitions and scope (agent, tool, foundation model, deployer, processor, sub-processor).
  • Section B. Principles — purpose limitation, proportionality, accuracy, data minimization, transparency and accountability (interpretation of KVKK Article 4 in the agentic AI context).
  • Section C. 15-Question Assessment Framework — questions to be answered before an agent system goes to production.
  • Section D. Responsibility allocation: adapting controller, processor, and sub-processor definitions to agentic AI.
  • Section E. Human oversight mechanisms, breach notification, user complaint channel, audit trails.

2.1. Three New Concepts in the Guidance

The guidance introduces three concepts new to existing KVKK practice:

  1. Cascading Data Processing. The output of one agent call becomes the input to another agent. Each step in this chain is a separate processing activity and must be detailed in VERBIS.

  2. Autonomous Decision Threshold. The more autonomously the agent decides, the stronger the KVKK Article 11 (automated decision-making) obligation. The guidance defines an "autonomy level" for agents on a 5-tier scale (observer, suggester, semi-autonomous, authorized-autonomous, fully-autonomous).

  3. Residual Data. Personal data remaining after processing in the agent's memory/RAG layer. Classic DPIAs do not address this; the guidance explicitly extends KVKK coverage to personal data in agent memory.

3. KVKK's 15-Question Assessment Framework

The most operational part of the guidance: 15 questions. Before an agent goes to production, the DPO and system owner provide written answers to these 15 questions; the responses are an annex to the DPIA.

Questions 1-3: Purpose and Scope

  1. What is the processing purpose of this agent system? A single specific, measurable, comprehensible sentence.
  2. Which personal data categories are processed? Ordinary, special category, biometric, health, legal, financial.
  3. What is the legal basis? Explicit consent, contract, legal obligation, vital interest, public interest, legitimate interest (Article 5).

Questions 4-6: Data Flow Map

  4. What are the data sources? User input, customer database, external APIs, web scraping, internal documents.
  5. How many tools does the agent use and what data does each tool access? A tool inventory is mandatory — for each tool: inputs, outputs, and data scope.
  6. Is there cross-border data transfer? Where the foundation model provider is located (OpenAI US, Anthropic US, Mistral France, Cohere Canada), sub-processors.

Questions 7-9: Risk Assessment

  7. What is the cascading failure risk? If one step decides incorrectly, do effects compound on subsequent steps?
  8. Potential for untraceable leakage? Can the agent inadvertently disclose personal data in a different context (e.g., leaking one user's data into another user's query response)?
  9. Impact of autonomous decisions? Does the agent's decision produce legal or similarly significant effects on the user? (KVKK Article 11)

Questions 10-12: Mitigation

  10. Is there an anonymization/pseudonymization layer? PII masking before the foundation model call.
  11. Where is human oversight? Which decision steps require human approval? Approval time?
  12. How is data minimization applied? Does the agent pass full context at each step or filtered subsets?

Questions 13-15: Monitoring and Responsibility

  13. Logging and audit trail? Is every agent decision, tool call, and data flow logged? Retention?
  14. Serious incident notification process? How is 72-hour VERBIS breach notification ensured?
  15. Executive approval? Has the DPIA been signed by the DPO and CIO/CISO? Annual review planned?

4. 7-Step DPIA Template

Per the KVKK guidance, the 7-step DPIA template for agentic AI systems:

Step 1: AI System Description

  • System name, version, owner (department)
  • Foundation model (provider, version, host region)
  • Agent framework (LangChain, LlamaIndex, AutoGen, vendor stack)
  • Tool inventory (per tool: name, provider, access level)
  • Expected user count, usage frequency

Step 2: Data Flow Map

A color diagram showing each step, each data category, and each cross-border transfer point. Tool: draw.io or Lucidchart template. Each arrow carries: data category, volume, legal basis, retention, encryption status.

Step 3: Legal Basis

For each processing activity (cascading data processing is treated step-by-step), identify the KVKK Article 5 basis and, if relevant, the Article 6 (special category) basis. For cross-border transfer, identify the Article 9 basis (adequacy decision, BCR, explicit consent).

Step 4: Risk Assessment Matrix

Agentic AI Risk Matrix (for DPIA)

| Risk | Likelihood | Impact | Risk Score | Mitigation |
|---|---|---|---|---|
| Hallucination producing wrong personal data | High | High | 9/10 | Faithfulness eval + human approval |
| Untraceable leakage (old user data leak) | Medium | High | 7/10 | User isolation + session reset |
| Cascading failure | Medium | Very High | 8/10 | Per-step approval + max-N step limit |
| Sub-processor data leakage | Low | High | 6/10 | Sub-processor due diligence + SLA |
| Unauthorized cross-border transfer | High | Very High | 9/10 | EU/TR region model + anonymization |
| Prompt injection data exfiltration | Medium | High | 7/10 | Input sanitization + LLM guard |
| Missing audit log | High | Medium | 6/10 | Centralized logging + retention |

Step 5: Mitigation Plan

Concrete mitigation per risk. Example format:

  Risk: Untraceable leakage
  Mitigation 1: Isolated memory per session; cleared at session end
  Mitigation 2: PII detection masking before vector DB lookup
  Mitigation 3: Weekly automated cross-tenant audit
  Owner: ML Platform Tech Lead
  Deadline: Complete within 30 days

Step 6: Consultation

The guidance recommends prior consultation with KVKK for high-risk cases. Threshold: cases where the agent makes autonomous decisions with legal or similarly significant effects. In practice: credit approval agents, insurance pricing agents, termination support agents, health insurance agents.

Step 7: Monitoring and Reassessment

A DPIA is not a static document. The guidance requires:

  • Monthly. Agent behavior drift (model behavior can shift over time).
  • Quarterly. Updates to risk scores.
  • Annually. Full DPIA review.
  • Trigger events. Foundation model upgrade, tool addition/removal, after a serious incident, after regulatory updates.

5. Responsibility Allocation: KVKK Roles in Agentic AI

When KVKK Article 3 definitions are adapted to agentic AI, complex tables emerge:

KVKK Roles in the Agentic AI Supply Chain

| Actor | KVKK Role | Responsibilities | Turkish Example |
|---|---|---|---|
| Foundation Model Provider (OpenAI, Anthropic) | Processor | Article 12 security + contract + sub-processor list | Anthropic DPA signed with Turkish customer |
| Agent Orchestrator Provider (LangChain, vendor stack) | Processor | Same; plus version-update impact analysis | Vendor DPA + sub-processor approval |
| Tool API Provider (email, calendar, CRM API) | Sub-processor | Notification regarding data processed during tool calls | CRM write is a separate processing |
| Turkish Company (Deployer) | Controller | Purpose, DPIA, VERBIS, breach notification | All KVKK obligations land here |
| User | Data Subject | Access, rectification, erasure, objection (Article 11) | Mandatory user complaint channel |

6. Three Agentic-AI-Specific Risk Categories

6.1. Cascading Failures

In classic AI, one error spoils one answer. In agentic AI, one error spoils N subsequent decisions. Example: An e-commerce sales agent updates a different person's account using a "historically contacted" email instead of the email "registered at signup." This is a KVKK Article 4 (accuracy) + Article 12 (security) violation.

6.2. Autonomous Decisions

KVKK Article 11(c) grants the data subject the right to object to automated decisions producing adverse effects. This is much more complex in agentic AI — because the "decision" is a chain, not a single point.

6.3. Untraceable Leakage

The foundation model's training data may include a user's personal data; another user's query can prompt the model to disclose that personal data. Classic data flow tracking does not detect this kind of leakage.

7. KVKK + EU AI Act + ISO 42001 Triple Compliance (Agentic AI Context)

Practical reality for Turkish companies: KVKK alone is not enough. For companies offering agentic AI to the EU market in particular, EU AI Act obligations (FRIA, Article 27) apply additionally.

KVKK + EU AI Act + ISO 42001 — Agentic AI Triple Mapping

| Obligation | KVKK Agentic AI Guidance | EU AI Act | ISO 42001 |
|---|---|---|---|
| Risk Assessment | DPIA + 15 questions | FRIA (Article 27) + Risk Management (Article 9) | Risk management process (clause 6.1) |
| Autonomous Decision | Article 11 — objection right | Article 14 — human oversight | Clause 8.1 — operational control |
| Responsibility Allocation | Article 3 — controller/processor | Provider/Deployer (Article 25) | Process owners (clause 5.3) |
| Human Oversight | Article 11 + Guidance Step 6 | Article 14 — human oversight | Clause 8.1 — control points |
| Audit Trail | Article 12 + Guidance Step 7 | Article 12 — logging | Clause 9 — performance evaluation |
| Cascading Failure | Guidance Section B — cascading data | Article 9 — risk management lifecycle | Clause 10 — continual improvement |
| Transparency | Privacy notice + Guidance | Article 13 + Article 50 | Clause 7.4 |

7.1. Building a Single AI Management System (AIMS)

ISO 42001 AIMS can serve as a unifier across all three frameworks. Practical approach:

  1. Single AI risk register — KVKK DPIA, AI Act FRIA, and ISO 42001 risk assessment in one system.
  2. Single audit trail platform — KVKK Article 12 + AI Act Article 12 + ISO 42001 Clause 9 logs on one platform.
  3. Single incident response process — KVKK 72 hours + AI Act 15 days + ISO 42001 corrective action combined.

7.2. ISO 42001 AIMS Certification Process

ISO 42001:2023 certification stages:

  1. Preparation (4-8 weeks). Existing process inventory, gap analysis, draft AIMS policy.
  2. AIMS implementation (8-16 weeks). Policy, procedure, recording structure, responsibility matrix, training program.
  3. Internal audit (2-4 weeks). Internal team or external consultant.
  4. Management review (1-2 weeks). Executive approval.
  5. Accredited certification body audit (2-4 weeks). TÜV, BSI, DNV, DEKRA.
  6. Certification (2-4 weeks). Closing findings, issuing certificate.
  7. Annual surveillance audits (continuous). Continual conformity testing.

7.3. Turkish Data Protection Regulation Reform (2024-2026)

Amendments to Türkiye's Law No. 6698 (2024 and 2025) are critical in the agentic AI context:

  1. International Transfers (Article 9 amendment, 2024). No EU-Türkiye adequacy decision yet, but Standard Contractual Clauses (SCC) make international transfer more flexible.
  2. Anonymization (new Article 28). Anonymized data falls outside the law; but anonymization technique adequacy is monitored.
  3. VERBIS Registration Exemptions. Some SMEs are exempt from registration, but agentic AI systems' registration obligation is retained.
  4. Maximum Fine (2025 update). Maximum fine raised to TRY 50M.

For Turkish companies, the anonymization layer significantly reduces KVKK risk. If the data sent to the foundation model is anonymized, most KVKK obligations are mitigated.

7.4. Turkish AI Regulatory Landscape (As of March 2026)

KVKK Agentic AI Guidance is not alone; Türkiye's AI regulatory landscape consists of 7 elements as of 2026:

  1. KVKK Law No. 6698 (2016). Core personal data protection law.
  2. KVKK Generative AI Guidance (September 2024). Chatbots, content generation, conversation assistants.
  3. KVKK Agentic AI Guidance (March 2026). Agentic AI systems.
  4. BDDK AI in Banking Circular (May 2025). Sectoral regulation.
  5. SPK AI in Capital Markets Guidance (October 2025). Investment advisory AIs.
  6. TÜBİTAK Turkish AI Strategy (2025-2030). Sectoral capacity building.
  7. Turkish AI Law Draft (expected late 2026). A national law based on the EU AI Act.

Most critical observation: when Türkiye's own AI law arrives, it is expected to be largely aligned with the EU AI Act. Therefore, today's investment in EU AI Act compliance also significantly satisfies the future Turkish AI Law.

8. Case Studies (Anonymized)

Case 1 — Turkish Bank: Customer Service Chatbot Agent

Problem. A Turkish bank made its chatbot "agentic" in Q4 2025. The chatbot can now read customer balance, pay bills, propose card limit increases. After the KVKK Agentic AI Guidance was published in March 2026, the DPO applied the 15 questions and found 6 major gaps.

Gaps.

  1. The chatbot reads other banks' balance (Open Banking API) but a separate privacy notice was missing.
  2. Cascading failure — chatbot sometimes decided "for the wrong customer" (session crossover).
  3. Foundation model in OpenAI US — cross-border transfer basis missing.
  4. Audit log only 30 days — KVKK requires 10 years.
  5. DPIA was for the chatbot's 6-month-old version; not updated for the agent version.
  6. Executive approval missing.

Solution. A 4-month compliance project: (1) Privacy notice updated, additional explicit consent collected; (2) Session isolation strengthened; (3) Transitioned to Anthropic Frankfurt (cross-border risk reduced); (4) Audit log retention extended to 10 years; (5) DPIA fully rewritten (15-question format); (6) Board Risk Committee approval.

Result. "Compliant" classification in KVKK audit November 2026. Total investment: 2.8M TRY. The chatbot agent remained in production, with 3 sub-processor DPAs newly signed.

Case 2 — Turkish E-commerce: Sales Assistant Agent

Problem. The company built a "personal sales assistant" agent — accessing the user's purchase history, browsing trail, and customer service messages; recommending products and using persuasion techniques for cart completion. Post-2026 DPO review identified 4 critical risks.

Risks.

  1. Manipulative AI border (KVKK + EU AI Act Article 5). Some persuasion strategies edged toward manipulation.
  2. Autonomous decision — price change. The agent could offer personalized X% discounts; this falls under KVKK Article 11.
  3. Untraceable leakage. Agent revealed old user data in another user's query — caught in logs.
  4. DPIA missing for tool calls. Agent invoked 8 tools (CRM, email, SMS, payment) — each needed its own DPIA.

Solution. (1) Persuasion strategies redesigned and techniques crossing into manipulation removed; (2) a "Why this offer?" button added to price offers; (3) weekly automated cross-tenant audit; (4) micro-DPIA per tool plus a single agent-DPIA update.

Result. Customer complaints down 38%. Conversion rate barely changed (-0.4%). Zero non-compliance in KVKK audit. Total investment: 950K TRY.

Case 3 — Turkish Insurance: Claim Assessment Agent

Problem. An insurance company built an agent automating claim assessment. The agent accesses customer claim history, social media (risky-profile detection), photos, and expert reports. The "autonomous decision" threshold in the guidance is critical here — the agent could reject claims on its own.

Solution.

  1. Autonomy threshold set to 0. Agent cannot decide, only suggests. A human expert makes the final decision.
  2. Social media data removed. Legal basis for that data was questionable (Article 5).
  3. Explainability report. Each claim assessment narrates "agent based its suggestion on 5 reasons."
  4. User objection rights. Customer can request human re-review (Article 11).
  5. KVKK prior consultation. As a high-risk case, prior notification to the KVKK Board with opinion obtained.

Result. Claim assessment time reduced from 5 days to 18 hours (without compromising human-expert quality). Customer objection rate 2%; differences between the agent's suggestion and the human decision are mostly minor. Favorable opinion from the KVKK Board, setting a sector precedent.

9. DPO Practical Checklist

Before an agentic AI system goes to production, the DPO must complete:

Documentation & Governance

  • 15-question assessment completed
  • 7-step DPIA finalized
  • VERBIS updated — including each cascading data processing step
  • Privacy notice updated (agent use, tool inventory, cross-border)
  • Sub-processor DPAs signed (foundation model + agent orchestrator)
  • Executive approval (DPO + CIO/CISO + General Counsel)

Technical Controls

  • PII firewall (input + output)
  • Session isolation (cross-tenant test passed)
  • Cascading failure test (max-N step, confidence threshold)
  • Audit log (10-year retention, KVKK Article 12)
  • Cross-border transfer basis (adequacy, BCR, explicit consent, contract)
  • User control panel (access, rectify, erasure, objection — Article 11)
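The session isolation, PII masking, max-N step cap and audit trail named in the Step 5 mitigation plan and in the Technical Controls checklist above, as an added Python example (not code from the guidance, from KVKK, or from any vendor framework); the PII patterns, the class and method names, and the step cap value are assumptions for the demo.

```python
import hashlib
import re
import time
from dataclasses import dataclass, field

# Constructed PII patterns for this demo: e-mail addresses and bare 11-digit
# numbers. Replace with the data categories identified in Question 2.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "id11": re.compile(r"\b\d{11}\b"),
}


def mask_pii(text: str) -> tuple[str, list[str]]:
    """Replace PII with typed placeholders before a model or tool call (Q10)."""
    found = []
    for name, pattern in PII_PATTERNS.items():
        if pattern.search(text):
            found.append(name)
            text = pattern.sub(f"<{name}>", text)
    return text, found


class StepLimitExceeded(Exception):
    """Raised when a run would exceed the max-N step cap (cascading failure, Q7)."""


@dataclass
class AuditEntry:
    session_id: str
    step: int
    tool: str
    pii_types: list[str]
    masked_input: str      # what the tool or model actually received
    input_digest: str      # SHA-256 of the raw input; the raw text is never logged
    ts: float = field(default_factory=time.time)


class AgentGuard:
    """Wraps an agent loop with per-session memory, a step cap and an audit trail."""

    def __init__(self, max_steps: int) -> None:
        self.max_steps = max_steps
        self._memory: dict[str, list[str]] = {}   # keyed by session: no shared context
        self.audit: list[AuditEntry] = []         # append-only; ship to central logging

    def run_step(self, session_id: str, tool: str, raw_input: str) -> str:
        """Mask, cap, record; return the masked text to hand to the tool or model."""
        memory = self._memory.setdefault(session_id, [])
        if len(memory) >= self.max_steps:
            raise StepLimitExceeded(f"{session_id}: step cap {self.max_steps} reached")
        masked, pii_types = mask_pii(raw_input)
        memory.append(masked)   # only the masked form is carried to the next step (Q12)
        self.audit.append(AuditEntry(
            session_id, len(memory), tool, pii_types, masked,
            hashlib.sha256(raw_input.encode("utf-8")).hexdigest()))
        return masked

    def context_for(self, session_id: str) -> list[str]:
        """Context the next step may see: this session's memory and nothing else."""
        return list(self._memory.get(session_id, []))

    def end_session(self, session_id: str) -> None:
        """Clear residual data when the session ends."""
        self._memory.pop(session_id, None)

    def audit_entries_with_pii(self) -> list[AuditEntry]:
        """Check for the periodic audit: no logged field may still contain PII."""
        return [e for e in self.audit if mask_pii(e.masked_input)[1]]
```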

Continuous Monitoring

  • Monthly behavior drift test
  • Quarterly risk score update
  • Annual full DPIA review
  • Breach notification procedure (72 hours) tested
  • Complaint channel (web form, email) functional

10. Risks and Common Mistakes

11. Frequently Asked Questions

Some 2025-2026 KVKK rulings are precedents for agentic AI practitioners:

Ruling 1: Banking Chatbot (September 2025)

  • Event: A private bank's chatbot answered a "Show my credit card limit" request by showing another customer's data.
  • KVKK Finding: Article 12 (data security) violation. Missing session isolation, insufficient audit log.
  • Penalty: TRY 14M.
  • Lesson: Cross-tenant testing is absolutely mandatory before agent deployment.

Ruling 2: E-commerce AI (December 2025)

  • Event: An e-commerce firm fed ethnic origin to product recommendation AI — bias emerged.
  • KVKK Finding: Article 6 (special category data) and Article 4 (general principles — unfairness) violations.
  • Penalty: TRY 8M + system suspension order.
  • Lesson: Feeding special-category data to AI is the most sensitive area; it always requires justified notification and explicit consent.

Ruling 3: Health AI (March 2026, concurrent with the guidance)

  • Event: A health-tech firm used patient data without anonymization in foundation model calls.
  • KVKK Finding: Article 9 (international transfer) + Article 6 (special category) violations.
  • Penalty: TRY 22M + permanent system suspension.
  • Lesson: Anonymization for health data is MANDATORY; even inference is unacceptable.

Ruling 4: HR-tech AI (April 2026, after the guidance)

  • Event: An HR-tech SaaS systematically scored women lower in CV screening (training data bias).
  • KVKK Finding: Article 4 (general principles — equality) + Article 11 (automated decision-making) violations.
  • Penalty: TRY 18M + system redesign order.
  • Lesson: Run a bias audit monthly and clean training data regularly.

11.10. Multi-Jurisdictional Agentic AI

For Turkey-headquartered companies operating in multiple jurisdictions:

Scenario: Turkish SaaS, Multiple Markets

A Turkish SaaS company:

  • Located in Türkiye
  • Sells in EU (AI Act)
  • Sells in US (CCPA, CPRA, sectoral)
  • Sells in UK (UK GDPR, AI Bill of Rights)
  • Sells in Brazil (LGPD)

This company's agentic AI system requires not a single DPIA, but a multi-jurisdictional compliance matrix.

Practical Approach

  1. Anchor on the strictest jurisdiction. EU AI Act + KVKK Agentic AI Guidance is typically the highest standard.
  2. Single DPIA + jurisdictional addenda. Master DPIA and 5-10 page addenda per jurisdiction.
  3. Single incident response procedure. Plan against the shortest notification window (KVKK 72 hours).
  4. Single audit trail platform. Common for all jurisdictions.
  5. Local counsel. Retainer with a law firm in each major market.

12. Next Steps: 8-Week Agentic AI Compliance Roadmap

To complete KVKK Agentic AI Guidance compliance:

  1. AI System Inventory (Week 1). List all agentic AI systems. Classify "agent vs. generative AI."
  2. 15-Question Assessment (Weeks 2-3). Written responses to 15 questions per agent.
  3. 7-Step DPIA Template (Weeks 3-5). Full DPIA per agent. Collect vendor sub-processor DPAs.
  4. Technical Mitigation Implementation (Weeks 4-7). PII firewall, session isolation, audit log retention, cross-border controls.
  5. VERBIS Update (Week 6). Each cascading data processing step detailed in VERBIS.
  6. Privacy Notice Update (Week 7). Tool inventory, cross-border, retention added.
  7. Executive Approval + Continuous Monitoring Plan (Week 8). Board Risk Committee approval, monthly/quarterly monitoring calendar, breach notification procedure tested.


12.1. Closing: KVKK's AI Governance Vision

The KVKK Agentic AI Guidance, together with the September 2024 Generative AI Guidance, forms the foundation of Türkiye's AI governance architecture. A Turkish AI Law expected in 2027 likely incorporates:

  1. AI system classification (based on the EU AI Act).
  2. Type approval process for high-risk systems (CE marking analog).
  3. AI Ethics Board (under the Presidency).
  4. Coordination with sectoral regulators (BDDK, EPDK, RTÜK).
  5. Mandatory AI literacy.
  6. Mandatory AI labeling (for deepfakes, generative content).

The practical message for Turkish companies: today's compliance with KVKK Agentic AI Guidance covers ~70% of future Turkish AI Law compliance. Companies that act early can navigate regulatory transitions painlessly.

12.2. DPO Professional Development

DPO is not yet legally mandated in Türkiye, but in the agentic AI era it has become a de facto necessity. Areas of professional development for DPOs:

  1. AI fundamentals. How foundation models work, agent frameworks, RAG, the differences with fine-tuning.
  2. Ethical AI principles. Council of Europe AI Convention, OECD AI Principles, UNESCO AI Recommendation.
  3. Parallel legal reading. AI Act + KVKK + ISO 42001 + Turkish legal doctrine.
  4. Technical audit. Bias audit, faithfulness eval, adversarial testing.
  5. Vendor management. DPA negotiation, sub-processor tracking, vendor risk scoring.
  6. Incident management. From detection to notification.

In Türkiye, the DPO Academy (KVKK-supported), IAPP CIPM/CIPP, and ISACA CDPSE are popular certifications.


This is a living document: KVKK guidance, EU AI Act delegated acts, and ISO 42001 revisions can change quarterly, so it is reviewed and updated quarterly.

Closing: Türkiye's Agentic AI Future

The KVKK Agentic AI Guidance positioned Türkiye among the first few countries in the world to regulate agentic AI in a structured way. This is an area where Turkish companies can leverage early-mover advantage in global competition. Companies compliant with the guidance:

  1. Compete directly in the EU market as AI Act compliant providers.
  2. Earn trust from citizens in the domestic market.
  3. Present a maturity indicator to investors.
  4. Are ready for the forthcoming Turkish AI Law.
  5. Engage proactively with the global AI governance landscape.

In the 2026-2030 agentic AI growth cycle, Turkish companies that comply with the guidance today will be tomorrow's leaders.
