ARTICLE
4 March 2026

The Evolution Of "Onsite" In The Digital Age: The Turkish Competition Authority's Spotify Decision And The Rise Of Functional Jurisdiction During Dawn Raids

KST LAW

Contributor

KST LAW logo

KST LAW is an independent Istanbul based full service corporate law firm in cooperation with Kinstellar.

We provide legal services relevant to all aspects of business in a wide variety of sectors. We operate to the highest international standards in managing cross border transactions or investments and providing practical and creative solutions to legal or regulatory issues.

KST LAW is proud to have an exceptional client base consisting some of the largest Turkish conglomerates, sector leaders in Turkey, multi-nationals, investment or private equity funds and financial institutions.

Explore Firm Details
February 2026 – In a decision that establishes a stern precedent for global digital platforms, the Turkish Competition Board (the "Board") has issued its ruling against Spotify for obstructing a dawn raid.
Turkey Media, Telecoms, IT, Entertainment
Sinan Diniz,Simru Tayfun, and Beyza Arlı
Sinan Diniz’s articles from KST LAW are most popular:
  • within Media, Telecoms, IT and Entertainment topic(s)
  • with readers working within the Metals & Mining industries

February 2026 – In a decision that establishes a stern precedent for global digital platforms, the Turkish Competition Board (the “Board”) has issued its ruling against Spotify for obstructing a dawn raid.1 While the financial penalties are noteworthy, the decision's true significance lies in the Board's explicit confirmation that an absence of material presence (premises, local employees, or physical servers) in Türkiye does not limit its investigative powers. This ruling formalises the Turkish Competition Authority's (“TCA”) mandate to conduct remote, extraterritorial inspections of digital footprints, provided those activities exert an “effect” on the Turkish market.

Anatomy of the Obstruction

The Board's finding of obstruction was not based on a single refusal, but on a documented timeline of non-cooperation throughout the day of the inspection:

  • Selective Access: While the inspection team arrived at 11:25 AM, Spotify officials maintained for nearly eight hours that they would only permit the inspection of employees they deemed “relevant”.
  • The Veto on Personnel: The TCA specifically requested access to the digital data of five key personnel identified through prior intelligence as the actual managers of the Turkish market. Spotify refused this request, arguing these individuals were based abroad and were not relevant to the local subsidiary's scope.
  • Strategic Delay: At 8:27 PM—approximately nine hours after the team's arrival—Spotify offered a “compromise” by allowing the inspection of one senior manager. The Board rejected this, noting that providing access to a single high-level executive responsible for multiple countries made locating Turkish-specific data significantly more difficult and did not remedy the prior hours of obstruction.
  • The Final Denial: At 8:35 PM, the undertaking's representatives explicitly issued a “No” to the inspectors' primary requests. The Board concluded that this sequence—waiting out the inspection team while refusing access to specific, pre-identified decision-makers—constituted a clear intent to hinder the TCA's evidence-gathering capabilities.

Physical vs. Functional Presence

Historically, a “dawn raid” was tethered to physical geography—inspectors walking through a literal door. Spotify, having transitioned to a regional management model and closing its Turkish office in 2022, operates in Türkiye as a virtual entity: commercially present but physically absent.

The Board has now clarified that for the purposes of Article 15 of Law No. 4054 on the Protection of Competition (“Law No. 4054”), an undertaking's “site” is defined by its operational nexus rather than its postal code. If a market is managed via a regional hub, the TCA deems that it may carry out inspections of the digital assets of regional employees who are involved in commercial activities affecting the Turkish market.

The “Shell Entity” vs. Economic Reality

The decision highlights a stark discrepancy between Spotify's local corporate presence and its actual economic footprint. The Board noted that while Spotify generates substantial revenue in Türkiye, less than 1% was reported through its local subsidiary, Spotify Dijital. The vast majority of operations were channelled through global units.

Reinforcing the economic unit and effects-based jurisdiction principles, the Board emphasised that if the TCA were restricted to inspecting passive local subsidiaries lacking technical infrastructure, the enforcement of Law No. 4054 would become illusory in the digital sector. In competition law, the local shell and the global headquarters are viewed as a single, indivisible entity.

Extraterritorial Access to Global E-mails

The decision confirms a “long-arm” investigative power that was previously a jurisdictional grey area. The TCA asserted—and enforced—the right to:

1. Demand Remote Access: Inspectors can require an undertaking to provide real-time, remote access to the e-mail accounts of employees who are not only outside the office but outside the country.

2. Target Transnational Personnel: The Board specifically identified five foreign-based employees whose communications were deemed essential. Crucially, documents obtained from music production companies such as Universal Music, Sony Music Entertainment, DMC Music, and Warner Music corroborated that these individuals were the primary decision-makers for Spotify's Turkish operations. Their foreign location did not shield their data from the TCA's scrutiny.

3. Bypass Physical Borders: By treating the “cloud” as a searchable extension of a Turkish office, the Board has effectively digitised the TCA's reach, erasing physical borders for the purpose of evidence collection.

The Effects Doctrine as a Jurisdictional Bridge

The decision leans heavily on the effects theory, enshrined in Article 2 of Law No. 4054. Spotify argued that the requested employees were based abroad. However, the TCA's inquiry revealed that these employees held Türkiye-specific titles and managed local curation, cultural trends, and marketing strategies.

Given their decisions regarding playlist curation, algorithmic ranking, and local pricing, the Board concluded that their actions directly affected the Turkish music streaming market. Therefore, their digital footprint is subject to the Board's jurisdiction, regardless of their physical location or the legal seat of their employer (Spotify AB).

The Board aptly noted that allowing companies to shield operations by relocating teams abroad would render the effects theory toothless in the digital age.

The Dual Penalty: Fixed and Daily Fines

Under Turkish law, obstructing an inspection triggers two distinct financial liabilities:

  • Fixed Fine: A lump-sum fine of 0.5% of the undertaking's gross annual turnover.
  • Daily Recurring Fine: A daily fine of 0.05% of the annual turnover for each day that the obstruction continues (i.e., until the undertaking grants the requested access).

Citing the legal safety principle, the Board argued that without a daily penalty, a firm could strategically “buy” its way out of an investigation. A fixed 0.5% fine might be seen as a mere cost of doing business to hide evidence that might lead to a much larger fine for a substantive antitrust violation.

Key Takeaways for International Counsel

For practitioners and general counsel at global tech firms, this decision necessitates a new “Turkish Compliance” protocol:

  • Remote-Ready Compliance: Firms must assume that any employee with a “Türkiye-facing” role—regardless of their physical seat—is subject to the TCA's dawn raid powers.
  • The Cooperation Window: Similar to past cases involving global companies,2 the Spotify case clarifies that “coordinating with HQ” or “awaiting legal review” is not an open-ended excuse for delay. The Board's assessment of obstruction functions as a reasonableness test regarding the speed and quality of cooperation. Consequently, swift and proactive coordination is a critical procedural safeguard for undertakings seeking to avoid significant fines.
  • Economic Unit Liability: A local office with a single representative is not officially treated as the legal gateway to the global corporation's entire server farm and cloud infrastructure.

Conclusion

The Spotify decision is a clear warning to “asset-light” digital giants: The TCA's reach is no longer limited by bricks and mortar. In the modern digital economy, the “premises” of an undertaking is anywhere its data resides and its commercial activities are directed from. By asserting its power to remotely inspect foreign-based employees, the TCA has moved the dawn raid from the lobby to the cloud.

Footnotes

1. The Board's decision dated 17.07.2025 and numbered 25-26/634-392 concerning Spotify's obstruction of an onsite inspection.

2. The Board's Unilever (07.11.2019, 19-38/584-250) and Siemens Healthcare (07.11.2019, 19-38/581-247) decisions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Sinan Diniz
Sinan Diniz
Photo of Simru Tayfun
Simru Tayfun
Photo of Beyza Arlı
Beyza Arlı
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More