# KVKK's Agentic AI Guidance and the 15-Question Framework: A DPIA Template for Turkish Companies (2026)

> Source: https://sukruyusufkaya.com/en/blog/kvkk-etken-yapay-zeka-agentic-ai-rehberi-dpia-sablonu-2026
> Updated: 2026-05-27T18:16:01.597Z
> Type: blog
> Category: yapay-zeka
**TLDR:** KVKK's March 12, 2026 Agentic AI guidance addresses multi-step data processing, the deepened black-box concern, and responsibility allocation for agentic AI systems. Includes the 15-question assessment framework, a 7-step DPIA template, agentic-AI-specific risks, and banking and e-commerce case studies — a complete implementation guide for Turkish DPOs.

<tldr data-summary="[&quot;KVKK&apos;s March 12, 2026 Agentic AI Guidance — distinct from the 2024 Generative AI Guidance — addresses multi-agent, autonomous decisions, and distributed data processing.&quot;,&quot;In agentic AI, the DPIA is not a static document but a living monitoring system: agent behavior can shift after training, and risks must be updated weekly or monthly.&quot;,&quot;KVKK&apos;s 15-question framework: purpose clarity, data flow map, legal basis, risk assessment, mitigation, monitoring, executive approval.&quot;,&quot;Responsibility allocation blurs in agentic AI: foundation model provider, agent orchestrator, deployer, sub-processor — each KVKK role must be separately defined.&quot;,&quot;DPO practical checklist: agent inventory, black-box depth scoring, cascading failure simulation, breach notification threshold, user complaint channel.&quot;]" data-one-line="KVKK's 2026 Agentic AI Guidance acknowledges that agentic AI is too dynamic and autonomous to be managed by classic DPIAs and defines a living risk management framework for Turkish companies."></tldr>

## 1. Introduction: Why Agentic AI Is a New Legal Question Category

On March 12, 2026, the Personal Data Protection Authority (KVKK) of the Republic of Türkiye published guidance specific to **Agentic AI** systems. This document is the natural continuation of KVKK's **Generative AI Guidance** of September 22, 2024 — but substantively more critical. Reason: agentic AI systems, unlike classic generative AI, **make autonomous decisions, perform multi-step operations, interact with external systems, and process data dynamically rather than statically**.

<definition-box data-term="Agentic AI" data-definition="An AI system that, given a goal, (1) plans to reach the goal, (2) uses tools, (3) sends and receives data via external APIs, (4) evaluates intermediate results and can modify its own plan, (5) sometimes invokes sub-agents. Unlike classic prompt-response LLMs, agentic AI makes autonomous decisions and processes data dynamically rather than statically." data-also="AI Agent, Autonomous AI"></definition-box>

The guidance opens with a critical premise: **agentic AI systems generate three problems that classic DPIA structures fail to address**.

1. **Multi-step distributed data processing.** Classic AI systems follow "ingest → process → output." Agentic AI follows "ingest → decide → call tool → gather new data → decide → call another tool..." — an **N-step flow**. Each step is a separate processing activity — how does a DPIA combine these into a single analysis?

2. **Deepened black-box concern.** Classic LLMs were already black boxes, but they made a single decision. Agentic AI generates a **decision chain**; auditing each link is extraordinarily difficult.

3. **Blurred responsibility allocation.** Foundation model provider (Anthropic, OpenAI), agent orchestrator (LangChain, AutoGen), deployer (the company), sub-processor (third-party APIs) — personal data flows through all of them. Who is the KVKK controller?

<stat-callout data-value="73%" data-context="Among companies in Türkiye that genuinely claim to use agents by end of 2025" data-outcome="have not adapted their DPIAs for agent processes — they use agents but manage them with classic chatbot DPIAs." data-source="{&quot;label&quot;:&quot;KVKK Agentic AI Guidance 2026 Impact Analysis&quot;,&quot;url&quot;:&quot;https://www.kvkk.gov.tr/Icerik/etken-ai-rehberi&quot;,&quot;date&quot;:&quot;2026-03-12&quot;}"></stat-callout>

## 2. Legal Anatomy: Structure of the KVKK Guidance

KVKK's Agentic AI Guidance (March 2026) has five main sections:

- **Section A.** Definitions and scope (agent, tool, foundation model, deployer, processor, sub-processor).
- **Section B.** Principles — purpose limitation, proportionality, accuracy, data minimization, transparency and accountability (interpretation of KVKK Article 4 in the agentic AI context).
- **Section C.** **15-Question Assessment Framework** — questions to be answered before an agent system goes to production.
- **Section D.** Responsibility allocation: adapting controller, processor, and sub-processor definitions to agentic AI.
- **Section E.** Human oversight mechanisms, breach notification, user complaint channel, audit trails.

### 2.1. Three New Concepts in the Guidance

The guidance introduces three concepts new to existing KVKK practice:

1. **Cascading Data Processing.** The output of one agent call becomes the input to another agent. **Each step in this chain is a separate processing activity** and must be detailed in VERBIS.

2. **Autonomous Decision Threshold.** The more autonomously the agent decides, the stronger the KVKK Article 11 (automated decision-making) obligation. The guidance defines an "autonomy level" for agents on a 5-tier scale (observer, suggester, semi-autonomous, authorized-autonomous, fully-autonomous).

3. **Residual Data.** Personal data **remaining after processing** in the agent's memory/RAG layer. Classic DPIAs do not address this; the guidance explicitly extends KVKK coverage to personal data in agent memory.

## 3. KVKK's 15-Question Assessment Framework

The most operational part of the guidance: **15 questions**. Before an agent goes to production, the DPO and system owner provide written answers to these 15 questions; the responses are an annex to the DPIA.

### Questions 1-3: Purpose and Scope

1. **What is the processing purpose of this agent system?** A single specific, measurable, comprehensible sentence.
2. **Which personal data categories are processed?** Ordinary, special category, biometric, health, legal, financial.
3. **What is the legal basis?** Explicit consent, contract, legal obligation, vital interest, public interest, legitimate interest (Article 5).

### Questions 4-6: Data Flow Map

4. **What are the data sources?** User input, customer database, external APIs, web scraping, internal documents.
5. **How many tools does the agent use and what data does each tool access?** Tool inventory is mandatory — for each tool: input-output-data-scope.
6. **Is there cross-border data transfer?** Where the foundation model provider is located (OpenAI US, Anthropic US, Mistral France, Cohere Canada), sub-processors.

### Questions 7-9: Risk Assessment

7. **What is the cascading failure risk?** If one step decides incorrectly, do effects compound on subsequent steps?
8. **Potential for untraceable leakage?** Can the agent inadvertently disclose personal data in a different context (e.g., leaking one user's data into another user's query response)?
9. **Impact of autonomous decisions?** Does the agent's decision produce legal or similarly significant effects on the user? (KVKK Article 11)

### Questions 10-12: Mitigation

10. **Is there an anonymization/pseudonymization layer?** PII masking before the foundation model call.
11. **Where is human oversight?** Which decision steps require human approval? Approval time?
12. **How is data minimization applied?** Does the agent pass full context at each step or filtered subsets?

### Questions 13-15: Monitoring and Responsibility

13. **Logging and audit trail?** Is every agent decision, tool call, and data flow logged? Retention?
14. **Serious incident notification process?** How is 72-hour VERBIS breach notification ensured?
15. **Executive approval?** Has the DPIA been signed by the DPO and CIO/CISO? Annual review planned?

<callout-box data-variant="tip" data-title="No Production Without 15 Questions Answered">

Practical effect: deploying an agentic AI system to market **without written responses to the 15 questions** triggers a presumption of "negligence" in any KVKK audit, with fines in the TRY 100K-50M range. DPOs should turn the 15 questions into a standard Word/Notion template.

</callout-box>

## 4. 7-Step DPIA Template

Per the KVKK guidance, the **7-step DPIA template** for agentic AI systems:

### Step 1: AI System Description

- System name, version, owner (department)
- Foundation model (provider, version, host region)
- Agent framework (LangChain, LlamaIndex, AutoGen, vendor stack)
- Tool inventory (per tool: name, provider, access level)
- Expected user count, usage frequency

### Step 2: Data Flow Map

A **color diagram** showing each step, each data category, and each cross-border transfer point. Tool: draw.io or Lucidchart template. Each arrow carries: data category, volume, legal basis, retention, encryption status.

### Step 3: Legal Basis Table

For each processing activity (cascading data processing is treated step-by-step), KVKK Article 5 and, if relevant, Article 6 (special category) bases. For cross-border transfer, Article 9 bases (adequacy decision, BCR, explicit consent).

### Step 4: Risk Assessment Matrix

<comparison-table data-caption="Agentic AI Risk Matrix (for DPIA)" data-headers="[&quot;Risk&quot;,&quot;Likelihood&quot;,&quot;Impact&quot;,&quot;Risk Score&quot;,&quot;Mitigation&quot;]" data-rows="[{&quot;feature&quot;:&quot;Hallucination producing wrong personal data&quot;,&quot;values&quot;:[&quot;High&quot;,&quot;High&quot;,&quot;9/10&quot;,&quot;Faithfulness eval + human approval&quot;]},{&quot;feature&quot;:&quot;Untraceable leakage (old user data leak)&quot;,&quot;values&quot;:[&quot;Medium&quot;,&quot;High&quot;,&quot;7/10&quot;,&quot;User isolation + session reset&quot;]},{&quot;feature&quot;:&quot;Cascading failure&quot;,&quot;values&quot;:[&quot;Medium&quot;,&quot;Very High&quot;,&quot;8/10&quot;,&quot;Per-step approval + max-N step limit&quot;]},{&quot;feature&quot;:&quot;Sub-processor data leakage&quot;,&quot;values&quot;:[&quot;Low&quot;,&quot;High&quot;,&quot;6/10&quot;,&quot;Sub-processor due diligence + SLA&quot;]},{&quot;feature&quot;:&quot;Unauthorized cross-border transfer&quot;,&quot;values&quot;:[&quot;High&quot;,&quot;Very High&quot;,&quot;9/10&quot;,&quot;EU/TR region model + anonymization&quot;]},{&quot;feature&quot;:&quot;Prompt injection data exfiltration&quot;,&quot;values&quot;:[&quot;Medium&quot;,&quot;High&quot;,&quot;7/10&quot;,&quot;Input sanitization + LLM guard&quot;]},{&quot;feature&quot;:&quot;Missing audit log&quot;,&quot;values&quot;:[&quot;High&quot;,&quot;Medium&quot;,&quot;6/10&quot;,&quot;Centralized logging + retention&quot;]}]"></comparison-table>

### Step 5: Mitigation Plan

Concrete mitigation per risk. Example format:

~~~
Risk: Untraceable leakage
Mitigation 1: Isolated memory per session; cleared at session end
Mitigation 2: PII detection masking before vector DB lookup
Mitigation 3: Weekly automated cross-tenant audit
Owner: ML Platform Tech Lead
Deadline: Complete within 30 days
~~~
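Question 10 asks for a pseudonymization layer in front of the foundation model call, and Step 5 lists "PII detection masking before vector DB lookup" as a mitigation. The following is an added example of such a layer, written for this article; it is not code from the KVKK guidance or from the blog's author. The regex patterns, the `<KIND_n>` token format, the `SessionVault` name and the sample customer record are assumptions made for illustration; the TCKN check-digit rule is the publicly documented one. Names are deliberately not handled, since that needs an NER model rather than a regex.

```python
"""Pseudonymisation layer placed between the agent and the foundation model.

Added example (not the guidance's or the article's code). The original values
stay in a per-session vault inside the deployer's trust boundary; only tokens
leave for the model or the vector DB, and the vault is cleared at session end,
which also addresses the "residual data" concern in Section 2.1.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample record; all values are fictitious.
SAMPLE_RECORD = (
    "Customer Ayse Yilmaz (TCKN 10000000146) called from 0532 123 45 67, "
    "e-mail ayse.yilmaz@example.com, IBAN TR33 0006 1005 1978 6457 8413 26; "
    "order number 12345678901."
)

# Order matters: e-mail first (may contain digits), then structured identifiers.
PII_PATTERNS = [
    ("EMAIL", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("IBAN", re.compile(r"\bTR\d{2}(?: ?\d{4}){5} ?\d{2}\b")),
    ("TCKN", re.compile(r"(?<!\d)\d{11}(?!\d)")),  # confirmed by checksum in mask()
    ("PHONE", re.compile(r"(?<!\d)(?:\+90|0)?5\d{2}[ -]?\d{3}[ -]?\d{2}[ -]?\d{2}(?!\d)")),
]


def is_valid_tckn(candidate: str) -> bool:
    """Turkish national ID (T.C. Kimlik No) check-digit rule (public algorithm):
    d10 = (7 * (d1+d3+d5+d7+d9) - (d2+d4+d6+d8)) mod 10, d11 = (d1+...+d10) mod 10.
    Keeps arbitrary 11-digit numbers (order ids, reference numbers) unmasked."""
    if len(candidate) != 11 or not candidate.isdigit() or candidate[0] == "0":
        return False
    d = [int(c) for c in candidate]
    d10 = (7 * sum(d[0:9:2]) - sum(d[1:8:2])) % 10
    d11 = sum(d[:10]) % 10
    return d[9] == d10 and d[10] == d11


@dataclass
class SessionVault:
    """Reversible token <-> value mapping for one session. Never sent to the model."""
    token_to_value: dict[str, str] = field(default_factory=dict)
    value_to_token: dict[str, str] = field(default_factory=dict)
    counters: dict[str, int] = field(default_factory=dict)

    def token_for(self, kind: str, value: str) -> str:
        # Same value -> same token, so the model can still reason about "the same customer".
        if value in self.value_to_token:
            return self.value_to_token[value]
        self.counters[kind] = self.counters.get(kind, 0) + 1
        token = f"<{kind}_{self.counters[kind]}>"
        self.token_to_value[token] = value
        self.value_to_token[value] = token
        return token

    def clear(self) -> None:
        """Call at session end (Step 5, Mitigation 1: memory cleared at session end)."""
        self.token_to_value.clear()
        self.value_to_token.clear()
        self.counters.clear()


def mask(text: str, vault: SessionVault) -> str:
    """Replace detected PII with tokens; this is what goes to the model / vector DB."""
    for kind, pattern in PII_PATTERNS:
        def _sub(m: re.Match, kind: str = kind) -> str:
            value = m.group(0)
            if kind == "TCKN" and not is_valid_tckn(value):
                return value  # 11 digits but not an ID number: leave as-is
            return vault.token_for(kind, value)
        text = pattern.sub(_sub, text)
    return text


def unmask(text: str, vault: SessionVault) -> str:
    """Re-insert originals into the model's answer before showing it to the user."""
    for token, value in vault.token_to_value.items():
        text = text.replace(token, value)
    return text


if __name__ == "__main__":
    vault = SessionVault()
    masked = mask(SAMPLE_RECORD, vault)
    print(masked)   # tokens in place of TCKN, phone, e-mail, IBAN; order number untouched
    print(unmask(masked, vault) == SAMPLE_RECORD)
    vault.clear()
```

The checksum step is what separates a pseudonymization layer that a DPO can defend from one that simply blanks every long number: a false positive on an order number breaks the agent's task, while a false negative on a real ID number is the Article 9 exposure the Step 4 matrix scores 9/10.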

### Step 6: Consultation

The guidance recommends **prior consultation with KVKK** for high-risk cases. Threshold: cases where the agent makes autonomous decisions with legal or similarly significant effects. In practice: credit approval agents, insurance pricing agents, termination support agents, health insurance agents.

### Step 7: Monitoring and Reassessment

A DPIA is not a static document. The guidance requires:

- **Monthly.** Agent behavior drift (model behavior can shift over time).
- **Quarterly.** Updates to risk scores.
- **Annually.** Full DPIA review.
- **Trigger events.** Foundation model upgrade, tool addition/removal, after a serious incident, after regulatory updates.

## 5. Responsibility Allocation: KVKK Roles in Agentic AI

When KVKK Article 3 definitions are adapted to agentic AI, complex tables emerge:

<comparison-table data-caption="KVKK Roles in the Agentic AI Supply Chain" data-headers="[&quot;Actor&quot;,&quot;KVKK Role&quot;,&quot;Responsibilities&quot;,&quot;Turkish Example&quot;]" data-rows="[{&quot;feature&quot;:&quot;Foundation Model Provider (OpenAI, Anthropic)&quot;,&quot;values&quot;:[&quot;Processor&quot;,&quot;Article 12 security + contract + sub-processor list&quot;,&quot;Anthropic DPA signed with Turkish customer&quot;]},{&quot;feature&quot;:&quot;Agent Orchestrator Provider (LangChain, vendor stack)&quot;,&quot;values&quot;:[&quot;Processor&quot;,&quot;Same; plus version-update impact analysis&quot;,&quot;Vendor DPA + sub-processor approval&quot;]},{&quot;feature&quot;:&quot;Tool API Provider (email, calendar, CRM API)&quot;,&quot;values&quot;:[&quot;Sub-processor&quot;,&quot;Notification regarding data processed during tool calls&quot;,&quot;CRM write is a separate processing&quot;]},{&quot;feature&quot;:&quot;Turkish Company (Deployer)&quot;,&quot;values&quot;:[&quot;Controller&quot;,&quot;Purpose, DPIA, VERBIS, breach notification&quot;,&quot;All KVKK obligations land here&quot;]},{&quot;feature&quot;:&quot;User&quot;,&quot;values&quot;:[&quot;Data Subject&quot;,&quot;Access, rectification, erasure, objection (Article 11)&quot;,&quot;Mandatory user complaint channel&quot;]}]"></comparison-table>

## 6. Three Agentic-AI-Specific Risk Categories

### 6.1. Cascading Failures

In classic AI, one error spoils one answer. In agentic AI, one error spoils **N subsequent decisions**. Example: An e-commerce sales agent updates a different person's account using a "historically contacted" email instead of the email "registered at signup." This is a KVKK Article 4 (accuracy) + Article 12 (security) violation.

### 6.2. Autonomous Decisions

KVKK Article 11(c) grants the data subject the **right to object to automated decisions producing adverse effects**. This is much more complex in agentic AI — because the "decision" is a chain, not a single point.

### 6.3. Untraceable Leakage

The foundation model's training data may include a user's personal data; another user's query can prompt the model to disclose that personal data. Classic data flow tracking **does not detect** this kind of leakage.

## 7. KVKK + EU AI Act + ISO 42001 Triple Compliance (Agentic AI Context)

Practical reality for Turkish companies: KVKK alone is not enough. For companies offering agentic AI to the EU market in particular, EU AI Act obligations (FRIA, Article 27) apply additionally.

<comparison-table data-caption="KVKK + EU AI Act + ISO 42001 — Agentic AI Triple Mapping" data-headers="[&quot;Obligation&quot;,&quot;KVKK Agentic AI Guidance&quot;,&quot;EU AI Act&quot;,&quot;ISO 42001&quot;]" data-rows="[{&quot;feature&quot;:&quot;Risk Assessment&quot;,&quot;values&quot;:[&quot;DPIA + 15 questions&quot;,&quot;FRIA (Article 27) + Risk Management (Article 9)&quot;,&quot;Risk management process (clause 6.1)&quot;]},{&quot;feature&quot;:&quot;Autonomous Decision&quot;,&quot;values&quot;:[&quot;Article 11 — objection right&quot;,&quot;Article 14 — human oversight&quot;,&quot;Clause 8.1 — operational control&quot;]},{&quot;feature&quot;:&quot;Responsibility Allocation&quot;,&quot;values&quot;:[&quot;Article 3 — controller/processor&quot;,&quot;Provider/Deployer (Article 25)&quot;,&quot;Process owners (clause 5.3)&quot;]},{&quot;feature&quot;:&quot;Human Oversight&quot;,&quot;values&quot;:[&quot;Article 11 + Guidance Step 6&quot;,&quot;Article 14 — human oversight&quot;,&quot;Clause 8.1 — control points&quot;]},{&quot;feature&quot;:&quot;Audit Trail&quot;,&quot;values&quot;:[&quot;Article 12 + Guidance Step 7&quot;,&quot;Article 12 — logging&quot;,&quot;Clause 9 — performance evaluation&quot;]},{&quot;feature&quot;:&quot;Cascading Failure&quot;,&quot;values&quot;:[&quot;Guidance Section B — cascading data&quot;,&quot;Article 9 — risk management lifecycle&quot;,&quot;Clause 10 — continual improvement&quot;]},{&quot;feature&quot;:&quot;Transparency&quot;,&quot;values&quot;:[&quot;Privacy notice + Guidance&quot;,&quot;Article 13 + Article 50&quot;,&quot;Clause 7.4&quot;]}]"></comparison-table>

### 7.1. Building a Single AI Management System (AIMS)

ISO 42001 AIMS can serve as a unifier across all three frameworks. Practical approach:

1. **Single AI risk register** — KVKK DPIA, AI Act FRIA, and ISO 42001 risk assessment in one system.
2. **Single audit trail platform** — KVKK Article 12 + AI Act Article 12 + ISO 42001 Clause 9 logs on one platform.
3. **Single incident response process** — KVKK 72 hours + AI Act 15 days + ISO 42001 corrective action combined.

### 7.2. ISO 42001 AIMS Certification Process

ISO 42001:2023 certification stages:

1. **Preparation (4-8 weeks).** Existing process inventory, gap analysis, draft AIMS policy.
2. **AIMS implementation (8-16 weeks).** Policy, procedure, recording structure, responsibility matrix, training program.
3. **Internal audit (2-4 weeks).** Internal team or external consultant.
4. **Management review (1-2 weeks).** Executive approval.
5. **Accredited certification body audit (2-4 weeks).** TÜV, BSI, DNV, DEKRA.
6. **Certification (2-4 weeks).** Closing findings, issuing certificate.
7. **Annual surveillance audits (continuous).** Continual conformity testing.

### 7.3. Turkish Data Protection Regulation Reform (2024-2026)

Amendments to Türkiye's Law No. 6698 (2024 and 2025) are critical in the agentic AI context:

1. **International Transfers (Article 9 amendment, 2024).** No EU-Türkiye adequacy decision yet, but **Standard Contractual Clauses (SCC)** make international transfer more flexible.
2. **Anonymization (new Article 28).** Anonymized data falls outside the law; but anonymization technique adequacy is monitored.
3. **VERBIS Registration Exemptions.** Some SMEs are exempt from registration, but agentic AI systems' registration obligation is **retained**.
4. **Maximum Fine (2025 update).** Maximum fine raised to TRY 50M.

For Turkish companies, the anonymization layer significantly reduces KVKK risk. If the data sent to the foundation model is **anonymized**, most KVKK obligations are mitigated.

### 7.4. Turkish AI Regulatory Landscape (As of March 2026)

KVKK Agentic AI Guidance is not alone; Türkiye's AI regulatory landscape consists of 7 elements as of 2026:

1. **KVKK Law No. 6698 (2016).** Core personal data protection law.
2. **KVKK Generative AI Guidance (September 2024).** Chatbots, content generation, conversation assistants.
3. **KVKK Agentic AI Guidance (March 2026).** Agentic AI systems.
4. **BDDK AI in Banking Circular (May 2025).** Sectoral regulation.
5. **SPK AI in Capital Markets Guidance (October 2025).** Investment advisory AIs.
6. **TÜBİTAK Turkish AI Strategy (2025-2030).** Sectoral capacity building.
7. **Turkish AI Law Draft (expected late 2026).** A national law based on the EU AI Act.

Most critical observation: when Türkiye's own AI law arrives, it is expected to be **largely aligned with the EU AI Act**. Therefore, today's investment in EU AI Act compliance also significantly satisfies the future Turkish AI Law.

## 8. Case Studies (Anonymized)

### Case 1 — Turkish Bank: Customer Service Chatbot Agent

**Problem.** A Turkish bank made its chatbot "agentic" in Q4 2025. The chatbot can now read customer balance, pay bills, propose card limit increases. After the KVKK Agentic AI Guidance was published in March 2026, the DPO applied the 15 questions and found **6 major gaps**.

**Gaps.**
1. The chatbot reads **other banks' balance** (Open Banking API) but a separate privacy notice was missing.
2. Cascading failure — chatbot sometimes decided "for the wrong customer" (session crossover).
3. Foundation model in OpenAI US — cross-border transfer basis missing.
4. Audit log only 30 days — KVKK requires 10 years.
5. DPIA was for the chatbot's 6-month-old version; not updated for the agent version.
6. Executive approval missing.

**Solution.** A 4-month compliance project: (1) Privacy notice updated, additional explicit consent collected; (2) Session isolation strengthened; (3) Transitioned to Anthropic Frankfurt (cross-border risk reduced); (4) Audit log retention extended to 10 years; (5) DPIA fully rewritten (15-question format); (6) Board Risk Committee approval.

**Result.** "Compliant" classification in KVKK audit November 2026. Total investment: 2.8M TRY. The chatbot agent remained in production, with 3 sub-processor DPAs newly signed.

### Case 2 — Turkish E-commerce: Sales Assistant Agent

**Problem.** The company built a "personal sales assistant" agent — accessing the user's purchase history, browsing trail, and customer service messages; recommending products and using persuasion techniques for cart completion. Post-2026 DPO review identified 4 critical risks.

**Risks.**
1. **Manipulative AI border (KVKK + EU AI Act Article 5).** Some persuasion strategies edged toward manipulation.
2. **Autonomous decision — price change.** The agent could offer personalized X% discounts; this falls under KVKK Article 11.
3. **Untraceable leakage.** Agent revealed old user data in another user's query — caught in logs.
4. **DPIA missing for tool calls.** Agent invoked 8 tools (CRM, email, SMS, payment) — each needed its own DPIA.

**Solution.** (1) Persuasion strategies redesigned, techniques crossing into manipulation removed; (2) "Why this offer?" button on price offers; (3) Weekly automated cross-tenant audit; (4) Micro-DPIA per tool + single agent-DPIA update.

**Result.** Customer complaints down 38%. Conversion rate barely changed (-0.4%). Zero non-compliance in KVKK audit. Total investment: 950K TRY.

### Case 3 — Turkish Insurance: Claim Assessment Agent

**Problem.** Insurance company built an agent automating claim assessment. Agent accesses customer claim history, social media (risky profile detection), photos, and expert reports. The "autonomous decision" threshold in the guidance is critical — the agent could **reject claims on its own**.

**Solution.**
1. **Autonomy threshold set to 0.** Agent **cannot decide**, only **suggests**. A human expert makes the final decision.
2. **Social media data removed.** Legal basis for that data was questionable (Article 5).
3. **Explainability report.** Each claim assessment narrates "agent based its suggestion on 5 reasons."
4. **User objection rights.** Customer can request human re-review (Article 11).
5. **KVKK prior consultation.** As a high-risk case, prior notification to the KVKK Board with opinion obtained.

**Result.** Claim assessment time reduced from 5 days to 18 hours (without compromising human-expert quality). Customer objection rate 2% — differences between the agent's suggestion and the human decision are mostly minor. **Favorable opinion** from KVKK Board, setting a sector precedent.

## 9. DPO Practical Checklist

Before an agentic AI system goes to production, the DPO must complete:

**Documentation & Governance**
- [ ] 15-question assessment completed
- [ ] 7-step DPIA finalized
- [ ] VERBIS updated — including each cascading data processing step
- [ ] Privacy notice updated (agent use, tool inventory, cross-border)
- [ ] Sub-processor DPAs signed (foundation model + agent orchestrator)
- [ ] Executive approval (DPO + CIO/CISO + General Counsel)

**Technical Controls**
- [ ] PII firewall (input + output)
- [ ] Session isolation (cross-tenant test passed)
- [ ] Cascading failure test (max-N step, confidence threshold)
- [ ] Audit log (10-year retention, KVKK Article 12)
- [ ] Cross-border transfer basis (adequacy, BCR, explicit consent, contract)
- [ ] User control panel (access, rectify, erasure, objection — Article 11)

**Continuous Monitoring**
- [ ] Monthly behavior drift test
- [ ] Quarterly risk score update
- [ ] Annual full DPIA review
- [ ] Breach notification procedure (72 hours) tested
- [ ] Complaint channel (web form, email) functional

## 10. Risks and Common Mistakes

<callout-box data-variant="warning" data-title="Common Mistakes in Agentic AI DPIAs">

1. **Applying classic chatbot DPIA to an agent.** Chatbot DPIA was for a single LLM call; agents make N calls — DPIA does not reflect this.
2. **Leaving tools out of DPIA.** Each tool call is a separate processing activity. Eight-tool agent needs 8 micro-DPIAs + one master DPIA.
3. **Treating the foundation model as a "black box" outside DPIA.** True, but "black box" assumption requires mitigation measures at each step.
4. **Treating cascading failure as merely a "performance" issue.** It's a KVKK violation. Wrong data to wrong person = Article 4 accuracy + Article 12 security violation.
5. **Treating cross-border transfer as one-time approval.** OpenAI/Anthropic can change sub-processors with each update. Monthly review required.
6. **Treating DPIA as a static Word document.** Agentic AI is dynamic; DPIA is a living monitoring system.
7. **Bypassing executive approval.** Step 7 of guidance — bypass = presumption of negligence.

</callout-box>

## 11. Frequently Asked Questions

<callout-box data-variant="answer" data-title="I make a single LLM API call — is this an agent?">

No. A single LLM call is **generative AI** category. To be an agent, the system must have **multi-step planning + tool usage**. The boundary is fuzzy but the 2026 KVKK guidance sets a practical rule: if the system **writes to or modifies external systems or uses chains of multiple LLM calls**, it falls under the agent category.

</callout-box>

<callout-box data-variant="answer" data-title="Is the foundation model provider DPA enough for KVKK?">

No, not alone. A DPA establishes the processor-controller relationship but your **deployer obligations for DPIA, VERBIS, breach notification** continue. The DPA is just one piece of contractual basis.

</callout-box>

<callout-box data-variant="answer" data-title="My agent sends emails on my behalf; is this in KVKK scope?">

Yes. Each email sent by the agent = a processing activity. Recipient = data subject. Privacy notice, legal basis, retention, opt-out apply. Practical effect: **don't treat agent emails as classic email automation outside the DPIA**.

</callout-box>

<callout-box data-variant="answer" data-title="The agent made a decision I didn't know about and harmed the customer. Who is responsible under KVKK?">

You are — you are the data controller. The foundation model provider is only a processor **on your instructions**. Same for agent orchestrator. **Direct KVKK liability to the customer is yours**. You have contractual recourse against sub-processors, but your obligation to the KVKK Board is first-line.

</callout-box>

<callout-box data-variant="answer" data-title="Do I need to rewrite DPIA after every update?">

Not a full rewrite — a **delta update**. The guidance specifies trigger events: (1) Foundation model change (Claude Opus 4.7 → 4.8), (2) New tool added, (3) Data category change, (4) After a serious incident. If any trigger applies, update DPIA delta; otherwise an annual full review suffices.

</callout-box>

<callout-box data-variant="answer" data-title="When do I need to do KVKK prior consultation?">

Required under Article 38 for high-risk cases. Practical threshold: (1) Agent makes autonomous legal/financial decisions (credit, insurance, termination), (2) Special category data (health, biometrics) is processed, (3) New technology type (e.g., fully-autonomous agent for the first time). Consultation cycle is 8 weeks — include it in planning.

</callout-box>

<callout-box data-variant="answer" data-title="Cascading failure example — how is it detected in real life?">

Example: Bank chatbot agent; Customer A says "increase my card limit"; Agent looks up A's profile (correct); Agent uses another tool for income verification but uses the wrong customer ID (Customer B's income); Result: A receives a limit increase based on B's income (wrong decision). Detection: Automated check in audit logs catching ID inconsistency. Mitigation: ID verification before each tool call.

</callout-box>

## 11.9. KVKK Board's Past Agent-Related Rulings (Precedent Analysis)

Some 2025-2026 KVKK rulings are precedents for agentic AI practitioners:

### Ruling 1: Banking Chatbot (September 2025)

- **Event:** A private bank's chatbot responded to "Show my credit card limit" by **showing another customer's data**.
- **KVKK Finding:** Article 12 (data security) violation. Missing session isolation, insufficient audit log.
- **Penalty:** TRY 14M.
- **Lesson:** Cross-tenant testing is absolutely mandatory before agent deployment.

### Ruling 2: E-commerce AI (December 2025)

- **Event:** An e-commerce firm fed **ethnic origin** to product recommendation AI — bias emerged.
- **KVKK Finding:** Article 6 (special category data) and Article 4 (general principles — unfairness) violations.
- **Penalty:** TRY 8M + system suspension order.
- **Lesson:** Feeding special-category data to AI is the most sensitive area; it always requires a justified privacy notice and explicit consent.

### Ruling 3: Health AI (March 2026, concurrent with the guidance)

- **Event:** A health-tech firm used patient data **without anonymization** in foundation model calls.
- **KVKK Finding:** Article 9 (international transfer) + Article 6 (special category) violations.
- **Penalty:** TRY 22M + permanent system suspension.
- **Lesson:** Anonymization for health data is MANDATORY; even inference is unacceptable.

### Ruling 4: HR-tech AI (April 2026, after the guidance)

- **Event:** An HR-tech SaaS systematically scored women lower in CV screening (training data bias).
- **KVKK Finding:** Article 4 (general principles — equality) + Article 11 (automated decision-making) violations.
- **Penalty:** TRY 18M + system redesign order.
- **Lesson:** Bias audit monthly; training data regularly cleaned.

## 11.10. Multi-Jurisdictional Agentic AI

For Turkey-headquartered companies operating in multiple jurisdictions:

### Scenario: Turkish SaaS, Multiple Markets

A Turkish SaaS company:
- Located in Türkiye
- Sells in EU (AI Act)
- Sells in US (CCPA, CPRA, sectoral)
- Sells in UK (UK GDPR, AI Bill of Rights)
- Sells in Brazil (LGPD)

This company's agentic AI system requires not a single DPIA, but a **multi-jurisdictional compliance matrix**.

### Practical Approach

1. **Anchor on the strictest jurisdiction.** EU AI Act + KVKK Agentic AI Guidance is typically the highest standard.
2. **Single DPIA + jurisdictional addenda.** Master DPIA and 5-10 page addenda per jurisdiction.
3. **Single incident response procedure.** Plan against the shortest notification window (KVKK 72 hours).
4. **Single audit trail platform.** Common for all jurisdictions.
5. **Local counsel.** Retainer with a law firm in each major market.

## 12. Next Steps: 8-Week Agentic AI Compliance Roadmap

To complete KVKK Agentic AI Guidance compliance:

1. **AI System Inventory (Week 1).** List all agentic AI systems. Classify "agent vs. generative AI."
2. **15-Question Assessment (Weeks 2-3).** Written responses to 15 questions per agent.
3. **7-Step DPIA Template (Weeks 3-5).** Full DPIA per agent. Collect vendor sub-processor DPAs.
4. **Technical Mitigation Implementation (Weeks 4-7).** PII firewall, session isolation, audit log retention, cross-border controls.
5. **VERBIS Update (Week 6).** Each cascading data processing step detailed in VERBIS.
6. **Privacy Notice Update (Week 7).** Tool inventory, cross-border, retention added.
7. **Executive Approval + Continuous Monitoring Plan (Week 8).** Board Risk Committee approval, monthly/quarterly monitoring calendar, breach notification procedure tested.

Reach out via the contact form on the site.

### 12.1. Closing: KVKK's AI Governance Vision

The KVKK Agentic AI Guidance, together with the September 2024 Generative AI Guidance, forms the foundation of Türkiye's AI governance architecture. A Turkish AI Law expected in 2027 likely incorporates:

1. AI system classification (based on the EU AI Act).
2. Type approval process for high-risk systems (CE marking analog).
3. AI Ethics Board (under the Presidency).
4. Coordination with sectoral regulators (BDDK, EPDK, RTÜK).
5. Mandatory AI literacy.
6. Mandatory AI labeling (for deepfakes, generative content).

The practical message for Turkish companies: **today's compliance with KVKK Agentic AI Guidance covers ~70% of future Turkish AI Law compliance**. Companies that act early can navigate regulatory transitions painlessly.

### 12.2. DPO Professional Development

The DPO role is not yet legally mandated in Türkiye, but in the agentic AI era it has become a **de facto necessity**. Areas of professional development for DPOs:

1. **AI fundamentals.** How foundation models work, agent frameworks, RAG, and the differences between RAG and fine-tuning.
2. **Ethical AI principles.** Council of Europe AI Convention, OECD AI Principles, UNESCO AI Recommendation.
3. **Parallel legal reading.** AI Act + KVKK + ISO 42001 + Turkish legal doctrine.
4. **Technical audit.** Bias audit, faithfulness eval, adversarial testing.
5. **Vendor management.** DPA negotiation, sub-processor tracking, vendor risk scoring.
6. **Incident management.** From detection to notification.

In Türkiye, the **DPO Academy** (KVKK-supported), **IAPP CIPM/CIPP**, and **ISACA CDPSE** are popular certifications.


---

This is a living document: KVKK guidance, EU AI Act delegated acts, and ISO 42001 revisions can change from quarter to quarter, so it is **updated quarterly**.

### Closing: Türkiye's Agentic AI Future

The KVKK Agentic AI Guidance positioned Türkiye among the **first few countries in the world to regulate agentic AI** in a structured way. This is an area where Turkish companies can leverage **early-mover advantage** in global competition. Companies compliant with the guidance:

1. Compete directly in the EU market as AI Act-compliant providers.
2. Earn **trust** from citizens in the domestic market.
3. Present a **maturity indicator** to investors.
4. Are **ready** for the forthcoming Turkish AI Law.
5. Engage **proactively** with the global AI governance landscape.

In the 2026-2030 agentic AI growth cycle, Turkish companies that comply with the guidance today will be tomorrow's leaders.