Employer Liability for Employees Using Unlicensed Software Under Turkish Law

Learn how Turkish law treats employer liability when employees use unlicensed software, including copyright infringement, contract liability, triple-fee claims, damages, criminal exposure, and practical compliance steps.

Software compliance is no longer a narrow IT issue. In modern businesses, software sits at the heart of accounting, design, engineering, production planning, logistics, HR, communications, and data processing. That is why unlicensed software use by employees can create legal exposure not only for the individual employee, but also for the employer. Under Turkish law, computer programs are protected works under Law No. 5846 on Intellectual and Artistic Works, and the current consolidated version reflects amendments in force through 25 December 2021.

In practice, the question is rarely limited to obvious piracy. Employer liability may arise when employees install cracked software, share single-user licenses across teams, continue using expired subscriptions, use trial or educational versions for commercial work, or rely on software obtained through unauthorized channels. Turkish copyright guidance from the Ministry of Culture and Tourism confirms that copyright infringement can lead to both civil and criminal proceedings, including unauthorized reproduction, distribution, communication to the public, commercial possession, and storage of unlawfully reproduced works.

This makes the topic especially important for employers. Many companies assume that if a technician, designer, accountant, engineer, or freelance IT support person handled the installation, any risk stays with that individual. Turkish law does not work that way. In several situations, the employer can face direct exposure for software infringements committed by employees while performing their duties, even where the employer argues that management was not personally involved in the installation.

Why software is protected under Turkish law

Turkish copyright law explicitly treats computer programs as protected works. Law No. 5846 defines a computer program as a sequence of commands arranged so that a computer system performs a specific operation or task, including preparatory work leading to the creation and development of that command structure. The same law classifies computer programs as literary and scientific works, while clarifying that underlying ideas and principles are not protected as works themselves.

This distinction matters because the law protects the protected expression of software, not abstract functionality. So if an employee installs, copies, runs, stores, or uses a protected software package without authorization, the issue is not simply a breach of internal company policy. It can become an infringement of the copyright owner’s economic rights under Turkish law.

Another important point is that copyright protection in Türkiye does not depend on mandatory registration. The Ministry’s copyright guidance explains that copyright already belongs to the person who creates the work, and optional registration is only a declaratory mechanism that can make proving authorship easier. In other words, an employer cannot safely assume that a software vendor lacks enforceable rights merely because no local registration certificate is on file.

What counts as unlicensed software use in the workplace?

Employers often think of unlicensed software only as cracked or pirated software. That is too narrow. Under Turkish law, the real question is whether the company’s use falls within the permission granted by the copyright owner or authorized licensor. If the company exceeds that scope, the problem may move from ordinary contract non-compliance into copyright infringement.

Common workplace examples include installing a single-seat program on multiple office computers, using an educational or non-commercial license for client work, giving multiple employees access to one user account, continuing to run a subscription product after expiry, or allowing branch offices or affiliates to use software licensed only for one entity or one location. Because the law requires agreements concerning economic rights to be in writing and to specify the rights separately, vague or informal assumptions about “company-wide use” are dangerous.

The law also distinguishes between simple and exclusive licenses. Unless the law or the contract indicates otherwise, a license is treated as a simple license, meaning the rights holder remains free to grant the same permission to others. The transfer of ownership of an original or copied medium also does not, by itself, transfer the intellectual property rights. That means purchasing hardware, a copy, or installation media does not automatically grant broad reuse rights to the employer.

Lawful use exceptions exist, but they are narrow

Turkish law does allow some limited freedoms for lawful users of software. Article 38 of Law No. 5846 states that where there are no decisive contractual provisions to the contrary, a person who lawfully acquired a computer program may reproduce or adapt it to the extent necessary for its intended use, including correction of errors. The same provision protects loading, running, error correction, and one backup copy where necessary for use, and also permits observation and testing of the program to identify the ideas and principles underlying it.

But these protections apply only to persons who acquired the software lawfully. They do not legitimize cracked installations, forged activation methods, unauthorized user expansion, or company-wide deployment beyond the licensed scope. In short, Turkish law protects necessary operational use by lawful users, not misuse disguised as operational necessity.

This is crucial for employer liability. Companies sometimes argue that the employee merely “installed and ran” the program, which is something lawful users may do. But if the software was not lawfully acquired in the first place, or if the licensed scope was exceeded, that argument loses most of its force.

Why employers can be directly liable

The strongest statutory basis for employer exposure appears in Article 66 of Law No. 5846. That provision allows the person whose moral or economic rights were infringed to bring an action for removal of infringement against the infringer. It then goes further: if the infringement was committed by representatives or employees of an enterprise while performing their services, the action may also be brought against the enterprise owner, and fault is not required for that action.

This matters enormously in workplace software cases. If an employee installs or uses unlicensed software in the course of employment, the employer may be sued directly for removal of infringement even if management says it did not personally authorize the act. The statutory design is deliberate: the law does not allow enterprises to escape responsibility simply by pushing blame downward to individual staff members.

That does not mean the employer is automatically liable for every imaginable employee act in every context. Facts still matter. The use must be connected to the employee’s services and the enterprise setting. But where the software was used for company business, on company systems, for company projects, or under company supervision, the employer’s exposure becomes much easier to establish.

Contract liability strengthens the employer’s exposure

Employer liability is not limited to copyright law. Turkish contract law also matters, especially where the company entered into a software license agreement and then exceeded its scope through employee conduct. Article 112 of the Turkish Code of Obligations provides that if an obligation is not performed at all or is not properly performed, the debtor must compensate the creditor’s loss unless the debtor proves lack of fault. Article 113 further states that in obligations to do or not to do something, the creditor may request performance at the debtor’s cost and seek removal of the consequences of non-compliance.

In software licensing, that means an employer may face ordinary contractual liability where employees breach user limits, geographic restrictions, duration limits, account-sharing rules, or deployment restrictions contained in the license. So even before the case is analyzed as copyright infringement, it may already be a contract breach with compensatory consequences.

Article 116 of the Turkish Code of Obligations makes the employer’s position even more exposed. It states that a debtor remains liable for damage caused by helpers, including employees and persons working alongside the debtor, even where the task was lawfully entrusted to them. In practice, this means that if the employer leaves software installation, configuration, or IT administration to employees or external support personnel, the employer may still bear liability for the damage their acts cause to the other party.

This provision is highly relevant in real life. Many companies say the unlicensed software was installed by an IT contractor, a junior employee, a designer, or an accountant without legal review. Under Turkish obligations law, that type of delegation usually does not sever the company’s responsibility toward the software owner or licensor.

The most serious civil exposure: the triple-fee claim

For employers, the most financially dangerous part of Turkish copyright law is usually Article 68 of Law No. 5846. This article provides that where a work, performance, phonogram, or production is processed, reproduced, distributed, performed, or communicated to the public without the written permission required by law, the right holder may claim up to three times the amount that could have been requested if a contract had been made, or up to three times the market fee to be determined under the law.

This is not ordinary damages. It is a strengthened statutory claim designed to deter unauthorized use. For employers, the practical effect is that the financial risk of employee-driven unlicensed use can far exceed the normal price of purchasing compliant licenses in the first place. If multiple users, departments, locations, or projects were involved, the numbers can become very serious very quickly.

The same article also allows the right holder, depending on the circumstances, to request destruction of unauthorized copies and the tools used to reproduce them, or to demand their delivery against an appropriate price, again without eliminating the infringer’s broader legal responsibility. In workplace cases, this can translate into a demand not only for money, but also for removal of software copies, deactivation of installations, and surrender or neutralization of unlawful reproduction tools.

Damages, profit transfer, and operational disruption

Article 70 of Law No. 5846 separately allows claims for damages. Where economic rights are infringed, the injured party may claim damages under tort principles if the infringer is at fault. The same provision also allows the injured party to request transfer of the profits obtained through the infringement, subject to interaction with the triple-fee structure. This matters because employers often benefit commercially from employee use of unlicensed software.

If engineers used unlicensed CAD software to complete client projects, if finance staff ran unlicensed accounting software to keep operations moving, or if design staff used unauthorized tools in revenue-generating work, the right holder may argue that the employer gained measurable economic value from infringement. That can influence both damages and settlement posture.

There is also a strong operational dimension. Article 66 supports actions for removal of infringement, and Article 77 allows interim measures where necessary to prevent substantial harm, sudden danger, or fait accompli situations. The court may order a party to do or refrain from doing certain acts, and may preserve unauthorized copies or reproduction tools. In practice, that means an employer may face pressure not only to pay, but also to stop using critical software while the dispute is still ongoing.

Criminal exposure for the employer and the company environment

Turkish law does not treat software infringement purely as a civil matter. The Ministry’s copyright guidance states that criminal proceedings are possible for unauthorized processing, reproduction, alteration, distribution, communication to the public, publication, and for commercially acquiring, importing, exporting, storing, or holding unlawfully reproduced works outside personal use. That means workplace software misuse can cross into criminal territory, especially where the use was systematic and commercial.

The 2021 amendment to Article 72 is particularly important in employee misuse cases involving cracked software. WIPO’s 2023 notification explains that Article 72 was revised so it no longer targets only computer programs in a narrow sense, but now covers all works, performances, phonograms, productions, and broadcasts in relation to circumvention of technological measures. The amendment aligns the Turkish law more closely with the EU Information Society approach.

For employers, this means that an employee’s use of cracked activation tools, key generators, or other methods designed to bypass technological protection measures may create a more serious profile than mere overuse of licensed seats. The legal system sees not only unlicensed use, but also circumvention infrastructure.

Evidence pressure is often decisive

One reason employers lose leverage in these disputes is weak documentation. Article 76 of Law No. 5846 gives courts an important tool: if the claimant presents enough evidence to create a strong belief in the correctness of the claim, the court may require the user to submit documents proving that the necessary permissions and authorizations were obtained, or to submit lists of the relevant works used. Failure to produce those documents or lists creates a presumption of unlawful use.

That rule is especially powerful in employer-employee software cases. The company may insist that it did not know an employee was using unauthorized software, but if it cannot produce purchase records, license assignments, user lists, subscription proofs, or internal asset inventory records, the defense quickly weakens. In practice, courts are much more receptive to a company that can map each installation to a valid license.

This is why internal software governance is not merely administrative hygiene. It is litigation readiness. Purchase invoices, subscription renewals, device inventories, access logs, contractor instructions, and offboarding records are often the difference between a manageable dispute and a highly dangerous one.

Digital evidence and workplace computers

Where the matter reaches criminal procedure, digital evidence becomes central. Article 134 of the Criminal Procedure Code permits search of computers, computer programs, and computer logs where there are strong suspicions based on concrete evidence and no other way to obtain the evidence. It also permits copying of records and, where necessary, temporary seizure if encryption or technical difficulty prevents immediate access. The law requires backup copies of the data and provides for a copy to be given to the suspect or counsel.

For employers, this means that internal systems can become evidence environments. Device images, installation files, activation traces, logs, user credentials, shared accounts, archived emails with license keys, and vendor communications may all become relevant. So when an employee uses unlicensed software at work, the company’s own infrastructure can become the source of proof against it.

This is also why panic deletion is a poor strategy. If a company responds to suspicion by wiping devices or purging records without first understanding the legal implications, it may not erase the problem and can further damage its defense. The better approach is controlled internal fact-finding, preservation of relevant records, and rapid legal assessment.

Practical compliance lessons for employers

The first lesson is simple: do not treat software use as a purely technical matter. Procurement, legal, IT, finance, and HR all need to coordinate. Procurement should know what license type was purchased. IT should know where it is installed. HR should ensure that departing employees lose access. Legal should review high-risk license terms. Finance should preserve invoices and subscription history. That is the only realistic way to reduce employer exposure when staff use software daily across teams.

The second lesson is that employers need a real software asset inventory, not assumptions. Every installation should be mapped to a specific entitlement, and every entitlement should be supported by retrievable documentation. This matters especially where employees use industry software, remote work tools, or programs installed by outside contractors. If the company cannot prove lawful use, Turkish law gives the claimant strong evidentiary advantages.

The third lesson is to distinguish different risk levels. A simple seat overage, a misused educational license, and a cracked activation are not identical problems. All can create employer liability, but cracked or deliberately circumvented setups usually present the most serious combination of civil and criminal exposure. Early legal triage matters.

Conclusion

Under Turkish law, employers can face serious liability when employees use unlicensed software in the course of their work. The legal basis is strong and multi-layered: computer programs are protected works; copyright protection does not depend on mandatory registration; infringement can trigger removal actions, triple-fee claims, damages, profit transfer, interim relief, and criminal complaints; and both copyright law and the Turkish Code of Obligations create pathways by which employee conduct can become employer liability.

For employers, the most important point is practical rather than theoretical. The safest strategy is not to hope the employee’s conduct remains invisible. It is to build a system in which lawful software use can be proven quickly and clearly. In the field of software compliance, the employer who can document, trace, and control use is usually in a far stronger position than the employer who merely says, “We did not know.