Cyprus
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Cyprus implements cybercrime law primarily through Law 22(III)/2004, which ratified the Council of Europe Budapest Convention on Cybercrime and introduced criminal liability for unauthorised access to computer systems, interference with computer data, and related offences. Enforcement is handled by the Office for Combating Cybercrime of the Cyprus Police. Cyprus transposed DSM Directive 2019/790 via amendments to the Intellectual Property Rights and Related Rights Law (L.59/1976) enacted in October 2022, introducing dual-track TDM exceptions after receiving a European Commission reasoned opinion for late transposition in May 2022. The full EU sui generis database right applies. GDPR is implemented by Law 125(I)/2018 and enforced by the Office of the Commissioner for Personal Data Protection (Cyprus DPC). Confidence is low because detailed English-language sources on the precise security-barrier test in L.22(III)/2004 and domestic enforcement decisions on scraping are scarce; the posture is inferred from the EU/Budapest Convention baseline and available summaries.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | yes |
| Terms-of-service browsewrap enforceable | unsettled |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | tdm dual track |
| Text and data mining — commercial status | with optout |
| Text and data mining — opt-out mechanism | robots txt |
| robots.txt legal weight | evidentiary |
| AI training-specific law | binding |
| Privacy regime | GDPR |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: low. Fast-moving area — verify before relying. Not legal advice.