Do I have to register with IYS to send commercial messages?

Yes. The article states that individuals or legal entities that are not registered in IYS cannot legally send commercial electronic messages.

Which channels are covered?

Which channels are covered?The page lists common channels such as SMS, email, phone calls (call centers/automated calls), fax, and voice-message systems. It also notes some content types that fall outside the regulation scope (e.g., gambling/betting, adult chat, fraud, political content).

Which messages require prior consent?

As a general rule, you must obtain prior consent before sending commercial electronic messages. The article gives examples like promotions, campaigns, discounts, marketing, and advertising messages.

Are there messages that can be sent without prior consent?

The page lists limited exceptions, including messages sent to merchants/tradespeople, service-related notifications tied to an existing service relationship, subscription/membership/transactional notifications (collection, debt reminders, delivery, etc.), and certain informational messages under capital markets rules.

How long do consent records need to be retained?

The page notes that all consents and opt-outs are timestamped in IYS, and that (with the updated regulation mentioned in the article) service providers are required to retain consent records for three years.

How can I transfer permissions into IYS?

Once your IYS account is active, the article lists options such as bulk upload via .CSV, manual entry one-by-one, and technical integration through services such as API / Excel / XML.

What happens if you send messages without consent?

The article states that sending commercial messages without consent can result in administrative fines under Law No. 6563, and mentions that in bulk sending scenarios the fine may increase up to 10x.

How can Makdos help with IYS?

The page positions Makdos as an official IYS integrator that supports businesses through the process (from transferring permissions to simplifying permission management and compliance workflows).

What is IYS (Message Management System)? A Practical Guide

Q: What is IYS (Message Management System)?

IYS is Turkiye’s national database where service providers record commercial messaging permissions. It centralizes consent management and lets recipients review and manage their permissions (including rejection/complaint rights).

Q: What counts as a “commercial electronic message”?

Commercial electronic messages include messages sent for commercial purposes via phone, email, SMS, or automated messaging systems such as promoting a product/service or keeping the brand top-of-mind. Even celebratory messages (e.g., holidays/birthdays) may be treated as commercial if they aim to highlight the brand.

If you are an SME, an e-commerce brand, an agency managing campaigns, or a legal team, IYS affects how you collect consent. It also defines how you store proof and how fast you must process opt-out requests. In other words: IYS is not only “a system you register to,” it is a compliance workflow you need to run correctly every day.

This guide explains the fundamentals step by step. It covers what IYS is, its legal background, message types, consent rules, and opt-out processes. It also explains practical registration and integration options.

We also highlight common mistakes that put brands at risk. In addition, we show how professional integration support can simplify the process.

Ministry of Trade IYS information page

What Is IYS and What Is Its Purpose?

IYS (Message Management System) regulates commercial electronic communications. It creates a legal framework between businesses and consumers.

The core principle is simple. Businesses may send commercial messages only to recipients with valid consent. Recipients must have an easy way to withdraw that consent.

Definition of IYS

IYS is a national database where service providers record their commercial messaging permissions. The system centralizes permission management and keeps records auditable. It allows recipients to see which brands have permission to contact them and through which channels.

From a business perspective, this means you need a structured way to:

- Collect consent in a valid format,

- Record it correctly in the system,

- Keep your permission lists updated,

- Stop messaging promptly when a recipient opts out.

From the recipient perspective, IYS supports transparency and control. Recipients can review permissions, revoke them, and start complaint processes when needed.

Why IYS Was Established

IYS securely archives consents obtained through electronic channels. It protects communication addresses and permission records. The system allows access when required.

Beyond recordkeeping, IYS also aims to:

- Reduce unwanted commercial messages,

- Bring permission management into one central platform,

- Protect both recipient and service provider rights,

- Make complaints easier to manage,

- Strengthen data security and overall trust in commercial communications.

Having consent is not sufficient. Businesses must manage permissions in a single, compliant workflow.

Legal Basis of IYS

IYS follows Turkey’s legal framework for commercial electronic messages. Law No. 6563 and related regulations form the main basis. The Ministry of Trade has played a key role in shaping the framework and the operating model. The system also supports centralized management of consents and opt-out rights.

This article is for general information only and does not provide legal advice. For case specific compliance decisions, consult qualified legal counsel.

Key Features of IYS

IYS provides several practical features that matter in day-to-day operations:

Centralized database : All commercial messaging permissions are stored in one national system.
Transparency: Recipients can see which service providers are authorized to contact them.
Opt-out capability: Recipients may revoke permissions at any time. The system records these revocations.
Complaint mechanism: IYS supports structured complaint handling for unwanted messages.
Integration options: Businesses can manage permissions through a web interface. They can also use technical integration based on their size and business needs.

For businesses that want to reduce manual work and improve compliance, professional integration helps. It turns IYS into a consistent and up-to-date workflow instead of a manual upload process.

Commercial Electronic Messages: Definition and Scope

Commercial electronic communication is one of the most effective marketing tools in modern business. But in Turkey, using channels like SMS, email, and call campaigns comes with rules especially around consent and opt-out rights. To understand IYS, you need to know what counts as a commercial electronic message and what is within scope.

Definition of a Commercial Electronic Message

Commercial electronic messages are defined in the legal framework and typically include communications sent for commercial purposes through electronic channels. A message may fall into this category if it promotes a product, markets a service, or supports brand awareness.

Some friendly (like holiday greetings or birthday messages) messages are commercial. This applies when the purpose is brand promotion or marketing.

Types of Commercial Electronic Messages

Commercial electronic messages can be delivered through multiple channels, including:

SMS (text messages)
Email
Phone calls (call centers or automated calling systems)
Fax
Voice message systems (automated voice recordings)

The relevant regulatory framework does not apply to some electronic communications. The main point, however, is that legitimate commercial messaging must follow the consent and opt-out rules.

👉 Makdos E‑Mail

If you use email campaigns for commercial communication, you should align compliance workflows with your corporate email infrastructure. This includes sender policies, access controls, and audit trails.

Messages That Require Prior Consent

As a rule, sending commercial electronic messages requires the recipient’s prior consent. Businesses can collect consent in writing or in electronic form.

Online consent must include the required details:

A clear affirmative intent (explicit “yes”),
The recipient’s name and surname,
The electronic communication address.

With electronic consent, you must inform the recipient about the right to opt out. You must provide this information on time.

Typical examples of messages that require prior consent include:

Promotions
Campaign announcements
Discounts
Marketing and advertising messages

Messages That Do Not Require Prior Consent (Exceptions)

The regulation framework recognizes limited scenarios where prior consent may not be mandatory. Common examples include:

Messages sent to merchants and tradespeople: Sometimes you do not need prior consent. The recipient still has the right to opt out. You may still need to report system records.
Notifications related to existing services: A person may share contact details to receive a service. Messages about service changes, use, or maintenance may not need extra consent.
Subscription and membership notifications: Some service-related messages are not marketing messages. Different rules apply to subscriptions, reminders, updates, and delivery notices.
Capital markets information: Some messages shared only for information are exceptions. This applies to capital markets service providers.

A practical habit: classify each outbound message as marketing or service/transactional before you send it.

Messages with promotional or brand-focused language are marketing messages. They require the strictest consent controls.

How the IYS System Works

IYS follows a structured operating principle for commercial electronic messaging. The system controls permission storage, rejection handling, and proof retention. Understanding the mechanics is essential especially if you manage multiple brands, multiple channels, or high-volume campaigns.

IYS Database Structure

IYS functions as a national database that records commercial messaging permissions. It helps service providers centralize permissions across call, SMS, and email channels. Recipients can view and revoke permissions on the platform.

A typical permission record includes:

Service provider information,
Recipient information and communication addresses,
Permission type (call, message, email),
Permission status (active or inactive),
Timestamp information.

IYS also supports the infrastructure needed for complaint management and public audits. This makes data integrity and accuracy a compliance requirement.

Consent Management Process

Consent management is one of the core functions of IYS and usually follows this flow:

The service provider collects valid consent from the recipient.
The service provider records the consent in the IYS database using its IYS account.
Permissions must remain synchronized, as recipients can revoke them at any time.
Permissions collected outside IYS require timely recording. Late records can make the permission invalid.

In practical terms, this means your internal CRM, marketing tools, and campaign lists must reflect IYS status consistently.

To increase message reach and lower compliance risk, refresh IYS permission lists before every campaign or announcement. Outdated lists can increase failed delivery rates and create unnecessary legal exposure.

If you collect consent outside IYS (e.g., web forms, POS, call center, marketplace flows), make sure it is recorded in IYS within 3 business days. Treat this as an regular SLA, not an occasional cleanup task.

Opt-Out / Rejection Mechanism

Recipients can revoke their permissions whenever they choose. Opt-out may be exercised through multiple channels, such as:

The IYS website or mobile app,
A service provider’s own opt-out mechanism,
An opt-out link included within the message.

Once a recipient opts out, the service provider must stop sending commercial messages within the required timeframe. Recipients can revoke permission through IYS, and the system forwards this revocation to the service provider on time. After delivery, the service provider must not send messages to the recipient.

Timestamping and Archiving

IYS records permissions and rejections with timestamps. This timestamping supports the legal validity of records and can serve as evidence in disputes.

IYS stores all consent and rejection records in a secure way. Service providers must retain records as proof of consent. For this reason, structured archiving and consistent logging are important for businesses that operate multiple systems and data sources.

To keep integrations compliant in real-world conditions, treat IYS data as a single source of truth. This approach works across multiple channels, tools, and teams. Sync the following items.

Recommended minimum data fields

Recipient identifier (phone/email)
Channel (SMS / email / call)
Consent status (active / inactive)
Consent timestamp
Consent source (form, call center, POS, etc.)
Brand/service provider identity
Opt-out timestamp (when applicable)

Integration approaches

Manual entry: Workable for very small volumes, but error-prone.
CSV bulk upload: Better for batch operations; still requires strict process discipline.
API-based integration: Best for ongoing operations; enables near real-time updates and two-way data updates.

Best practice for daily use

Make “opt-out processing” an automated workflow.
Keep audit logs for every permission change.
Regularly compare your CRM lists with IYS status.

IYS Application and Registration Process

Once you understand what IYS is and how it works, the next step is joining the system correctly. Registration is a practical step for service providers. Preparing documents and planning the permission import method in advance makes the process easier.

Application Steps for Service Providers

Service providers can apply through the official IYS portal. Typical application paths include:

Online application: Businesses with a MERSIS record can complete the application digitally using e-Devlet credentials.
E-signature application: You can apply online using the authorized signatory’s e-signature.
Physical application: Without an e-signature or MERSIS registration, the application may require physical submission with the required documents.

Foreign companies may face restricted application methods, which can require physical applications and extend timelines.

Required Documents and Information

Commonly required documents and information include:

Authorized signatory’s national ID number, corporate email, and mobile number
Service provider’s MERSIS number
Trademark/registration documents for all brands sending commercial messages
The IYS Basic Services Usage Undertaking (signed with e-signature where applicable)

To avoid delays, prepare these items before starting the application. If there is joint representation, remember that the undertaking may need additional signatures, depending on representation rules.

Importing Consents into IYS (CSV / Manual / API)

After your IYS account becomes active, you can transfer permissions into the system through multiple methods:

CSV file upload (bulk import)
One-by-one manual entry
Technical integration (API and supported data services)

In practice, the “best” method depends on your volume and business model. E-commerce businesses and agencies typically benefit from automation; smaller businesses might start with CSV and evolve over time.

To record a permission properly, you generally need:

Permission date
Communication channel (call, message, or email)
Consent source
Communication address

An official integrator can simplify registration and integration steps while reducing manual effort and process risk. This is particularly helpful for organizations managing multiple brands, systems, or frequent consent changes.

How Recipients Use IYS

Recipients (consumers) can manage their permissions through IYS. Common actions include:

Revoking previously granted permissions
Granting new permissions
Using the interface to complete actions easily
Exercising opt-out rights and starting complaint processes where relevant

This transparency creates a healthier communication environment for both parties: businesses can run compliant campaigns, and recipients maintain control over their communication preferences.

Key Things to Watch Out for When Using IYS

Knowing “what IYS is” is only part of the story. Compliance success depends on daily operations, including consent collection, proof storage, regular data updates, and timely opt-out handling.

Legal Obligations and Penalties

Failing to comply with the applicable legal requirements can lead to administrative penalties. Missing consent can lead to penalties. Ignoring opt-out obligations can increase those penalties significantly.

Bulk campaigns can increase risk exposure. Validating permission lists is essential, and messaging must stop immediately after opt-out signals.

Businesses often overlook the need to process and report opt-out notices within the required timelines. Treat these timelines as strict process requirements.

One of the highest-risk practices is bundling consent into contracts without a clear opt-out right. Another risky practice is making marketing consent a condition for receiving a product or service. This creates both compliance exposure and customer trust issues.

Data Security and Privacy

Permission data includes personal contact information and records of consent—both of which must be handled securely. Businesses must protect personal data, prevent unauthorized access, and maintain records suitable for lawful processing and audits.

From a risk management point of view, data security is not only a legal requirement. It protects your brand reputation. Strong access controls, logging, and secure infrastructure help prevent accidental leaks or unauthorized use.

Organizations that process customer data at scale should align IYS processes with their overall security practices. This includes network security, access management, and monitoring.

Common Mistakes

Businesses commonly run into issues such as:

Not transferring permissions to IYS fully and correctly
Uploading incomplete or incorrect data
Sending messages without confirmed consent status
Using tools that do not synchronize properly with IYS requirements

In many cases, the root cause is process fragmentation. Different teams work with different data sets and different versions of permission records.

IYS Integration Solutions

A robust IYS setup is typically two-way and fully integrated:

When a customer opts out, the change should be reflected immediately across systems.
When IYS transmits an opt-out event, it should automatically update internal databases and campaign tools.

With the right integration design, businesses can reduce manual effort and improve customer experience. It also helps maintain compliance when permission lists change frequently.

IYS Compliance Steps

IYS (Message Management System) is a national database that enables commercial electronic messages to be managed under legal rules. As explained in this guide, the system benefits both service providers and recipients. It centralizes permission management, improves transparency, and supports structured opt-out and complaint processes.

From a business perspective, IYS compliance is not a “one-time registration.” It’s a living workflow:

- Register correctly as a service provider,

- Transfer permissions accurately,

- Keep consent status always up to date.,

- Process opt-outs within required timelines,

- Maintain timestamps and secure records,

- Treat data security as part of compliance, not a separate topic.

Makdos supports reliable execution of IYS processes as an official integrator. This approach reduces manual effort, improves reporting, and keeps workflows compliant, even for high-volume and multi-channel campaigns.

IYS is Turkey’s centralized permission management system for commercial electronic messages. When used correctly, it reduces unwanted messages and improves transparency. It also helps businesses prove consent, process opt-outs, and comply with legal requirements.

Makdos enables structured IYS integration without manual uploads or constant constant data checks.

👉 Makdos IYS (Message Management System)

What is IYS (Message Management System)?