--- title: "İYS Guide: Capturing, managing, and proving consent in Turkey" description: "How İYS (Turkey's commercial messaging consent registry) works: commercial vs informational, batch consent upload, the 3-business-day rule, and iletiMerkezi integration." slug: /en/docs/guides/iys-rehberi locale: en audience: general last_updated: 2026-04-30 target_queries: [iys turkey, turkey commercial sms consent, iys api, iys 3-day rule, turkey sms compliance] related: [toplu-sms-nedir, kvkk-sms, sms-basligi-nasil-alinir] alternates: tr: https://www.iletimerkezi.com/docs/guides/iys-rehberi en: https://www.iletimerkezi.com/en/docs/guides/iys-rehberi --- # İYS Guide: Capturing, managing, and proving consent in Turkey İYS (İleti Yönetim Sistemi — Commercial Messaging Consent Registry) is Turkey's national system where consent records for commercial electronic messages (SMS, e-mail, voice) are centrally stored; under Law No. 6563 on Electronic Commerce, every service provider sending **commercial** content must register the recipient's consent in İYS. Informational content (order confirmation, appointment reminder, OTP) is exempt. This guide explains the consent flow, the system's technical rules, and iletiMerkezi integration. ## TL;DR - İYS = Turkey's national commercial-messaging consent registry. Consent must be on file **before** you send commercial SMS. - **Informational SMS** (order, appointment, OTP, service alert) is exempt from İYS. - Consent must be registered in İYS within **3 business days** of being captured; late registration is subject to administrative fines. - Consent statuses: `ONAY` (allowed to send) or `RET` (sending forbidden). `RET` always overrides a prior `ONAY`. - At iletiMerkezi, consent is uploaded via the panel or the `iys-register` endpoint (up to 5,000 records per request); each send is preceded by `iys-check`. ## What is İYS, and why does it exist? İYS keeps a centralised record of "who messaged whom under which consent" for commercial communication in Turkey. When a recipient files a complaint, the Information and Communication Technologies Authority (BTK) and the Ministry of Trade audit the sender through this system. İYS is the **proof obligation**: you can only demonstrate that you had consent if it is registered there. İYS is operated by **MTS (Mesaj Yönetim Servisleri A.Ş.)**; BTK-licensed SMS providers like iletiMerkezi connect to the İYS API and register/query consent on their customers' behalf. ## Commercial vs informational İYS only applies to **commercial** content. The distinction is the most commonly confused part of compliance: | Type | İYS required? | Typical example | |---|---|---| | **Informational** | No | Order confirmation, shipping status, appointment reminder, OTP, service outage, invoice issuance | | **Commercial** | Yes | Discount announcement, campaign, product launch, loyalty programme, survey invitation | | **Mixed** | Yes (the message as a whole) | "Your order is on the way — also check our new collection" | **Rule of thumb:** if the message contains **any promotional or persuasive content meant to influence purchase, usage, or brand preference**, it is commercial and requires İYS consent. ## How consent is captured: web, call, paper The **source** of the consent is part of the record. iletiMerkezi supports the source codes below; coding the right source is critical for the legal evidence chain: | Source code | Meaning | |---|---| | `HS_WEB` | Web form, on-site checkbox | | `HS_FIZIKI` | Wet-signed paper contract or form | | `HS_ISMERKEZI` | Verbal consent in a call centre (recorded) | | `HS_EPOSTA` | Confirmation captured via e-mail | | `HS_MESAJ` | Confirmation captured via SMS | | `HS_FAKS` | Consent captured by fax | | `HS_OZNT` | Special-nature method (legal record) | | `HS_DIGER` | Other than the above | | `HS_TUKETICI` | Captured upon consumer request | | `HS_RET` | Opt-out record (recipient withdrew consent) | | `HS_TARAFIMA` | Recipient self-registered | | `HS_GENEL` | General acceptance | For consent to be **legally valid**, the form/channel must clearly inform the recipient, the wording must be unambiguous ("I consent to receive commercial electronic messages"), and pre-checked boxes are not allowed. ## The 3-business-day rule Once consent is captured, you must register it in İYS within **3 business days**. This window also applies to opt-outs (`RET`): if a recipient withdraws and you do not update the record in time, you carry the liability for any subsequent send. Practical flow with iletiMerkezi: 1. When the customer ticks the web form or says "yes" on a call, store the record locally. 2. Within the same day or by end of the next business day, batch-upload via `iys-register`. 3. Inspect `consentResult` in the response; queue any rejects/errors and retry just those records. ## ONAY and RET semantics In İYS, the **most recent record** for a recipient wins: - Recipient consented (`ONAY`), then opted out (`RET`) → **sending is forbidden** (latest `RET` wins). - Recipient opted out (`RET`), then re-consented (`ONAY`) → you may send, but archive how the new consent was captured. - A registered `RET` cannot be deleted unless the recipient consents again. Implementing this on the code side: validate with `iys-check` before each send; if you cache, set a max TTL of 1 hour because a `RET` can land at any time. ## Batch upload: 5,000-record cap and atomic behaviour `iys-register` accepts **1–5,000** consent records per request. The behaviour is **atomic**: if a single record in the list is invalid (out-of-enum `source`, missing date, malformed phone number), the **entire request is rejected**. So: - Validate format on your side before uploading. - On error, find the offending record from `consentResult`, fix only that record, and retry. - If your batch exceeds 5,000, chunk it on your side. See: [iys-register API](../api/iys-register.md), [iys-check API](../api/iys-check.md). ## Frequently asked questions **Q: Do I need İYS consent for OTP or order-confirmation SMS?** No. These are **informational** and out of scope. The recipient must, however, be informed (via your KVKK clarification text) that providing their phone means they will receive such notifications. **Q: A customer clicked "unsubscribe" — what now?** You have 3 business days to register a `status: RET` record via `iys-register`. After that, do not send commercial content to that number. At iletiMerkezi you can also block them at account level via `add-blacklist`. **Q: Does KVKK consent replace İYS consent?** No. KVKK governs the processing of personal data; İYS governs commercial messaging. Different legal frameworks, both required. See: [KVKK and SMS](./kvkk-sms). **Q: What happens if I send commercial SMS without consent?** Under Law No. 6563 and İYS regulations, administrative fines apply per recipient; amounts are revised annually and currently fall in the tens to hundreds of thousands TRY range. Repeat offences compound. **Q: Do test sends with the `APITEST` sender require İYS consent?** The `APITEST` sender is technically only deliverable to your own registered test number, so in practice it is moot. Once you go to production with real recipients, commercial-content rules apply. **Q: Does İYS apply to B2B messaging?** Yes. The law requires consent for commercial messaging **even when the recipient is a legal entity**; recipient type is recorded as `TACIR`. ## How to do it on iletiMerkezi Four options: - **Panel:** Settings → İYS — upload one-by-one or via Excel, query existing consents, process opt-outs. - **API (`iys-register`):** Up to 5,000 records per request. [iys-register endpoint](../api/iys-register.md). - **API (`iys-check`):** Verify a recipient's consent before sending. [iys-check endpoint](../api/iys-check.md). - **Inline with send-sms:** Pass `iys=1` together with the recipient list to `send-sms`; the platform validates consent and drops non-consented recipients automatically. [Sign up](https://panel.iletimerkezi.com/auth/signup) · [iys-register API](../api/iys-register.md) · [send-sms API](../api/send-sms.md) ## Related - [What is bulk SMS?](./toplu-sms-nedir) - [KVKK and SMS](./kvkk-sms) - [How to get an SMS sender ID](./sms-basligi-nasil-alinir) - [iys-register API](../api/iys-register.md) - [iys-check API](../api/iys-check.md)