Finland
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Finland presents a moderate-risk crawling environment with a clear EU-baseline framework. Rikoslaki (Criminal Code) ch. 38 section 8 (tietomurto / unlawful access to an information system) requires bypassing a security mechanism or using unauthorised credentials; public pages without technical barriers carry no criminal risk. The EU sui generis database right applies through Tekijanoikeuslaki (TekL). Finland transposed the DSM Directive effective 3 April 2023 (263/2023), implementing two TDM exceptions — a general commercial exception with machine-readable opt-out (Art. 4, TekL section 13a) and a research exception (Art. 3, TekL section 13). Robots.txt or equivalent metadata satisfies the opt-out reservation requirement. GDPR applies through Tietosuojavaltuutettu (TSV); no Finnish-specific exemption for publicly available personal data. EU AI Act is binding from August 2025. No Finnish court has specifically ruled on web scraping of public pages; the Vastaamo prosecution (2024) confirms ch. 38 section 8 targets secured-system breaches, not public-page access.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | yes |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | tdm dual track |
| Text and data mining — commercial status | with optout |
| Text and data mining — opt-out mechanism | robots txt |
| robots.txt legal weight | statutory |
| AI training-specific law | binding |
| Privacy regime | GDPR |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Fast-moving area — verify before relying. Not legal advice.