United Kingdom
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
UK law presents moderate risk. The Computer Misuse Act 1990 s.1 covers 'unauthorised access' but has not been tested on public-page scraping; ignoring robots.txt or ToS could create some exposure. The UK retained the EU sui generis database right (Copyright and Rights in Databases Regs 1997) post-Brexit. Crucially, the UK has NO commercial TDM copyright exception — CDPA 1988 s.29A is narrow research-only — and a broader exception has been under active consultation since 2024 (outcome expected Spring/Summer 2026). UK GDPR applies; the ICO found Clearview AI in breach (confirmed on appeal, Upper Tribunal 2023). Until the TDM consultation concludes, AI training on UK-hosted content carries legal uncertainty.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | unsettled |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | fair dealing narrow |
| Text and data mining — commercial status | prohibited |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | pending |
| Privacy regime | UK GDPR |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-21. Confidence: medium. Fast-moving area — verify before relying. Not legal advice.