Croatia
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Croatia presents moderate risk for web crawlers. The Criminal Code (Kazneni zakon) Art. 266 criminalises unauthorised access to a computer system or computer data, with imprisonment up to one year (up to two years where public-interest systems are affected); the provision requires intentional access without authorisation and is primarily aimed at secured systems, not public pages. Croatia was an early DSM transposer, enacting a new Copyright and Related Rights Act (Zakon o autorskom pravu i srodnim pravima, ZAUP) published in Narodne Novine No. 111/2021 (in force 22 October 2021); the dual-track TDM exceptions apply, with commercial TDM on public content subject to a machine-readable opt-out (e.g. robots.txt). Croatia's Art. 15 press-publisher-right implementation contains gold-plating provisions. The full EU sui generis database right applies. GDPR is enforced by AZOP (Agencija za zaštitu osobnih podataka). No scraping-specific statute or published case law exists. The EU AI Act Art. 53 opt-out obligation is binding from August 2025 for GPAI providers.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | yes |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | tdm dual track |
| Text and data mining — commercial status | with optout |
| Text and data mining — opt-out mechanism | robots txt |
| robots.txt legal weight | evidentiary |
| AI training-specific law | binding |
| Privacy regime | GDPR |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Fast-moving area — verify before relying. Not legal advice.