Kiribati
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Kiribati enacted the Cybercrime Act 2021 (passed August 2021; Budapest Convention accession 20 June 2024, in force 1 October 2024), which criminalises unauthorised access to computer systems, interception, data/system interference, identity theft, and related offences. No comprehensive data-protection law has been enacted (a Draft Data Protection Policy exists). Copyright is governed by the Copyright Act 2018 (Berne Convention member since 2 January 2018; WIPO Copyright Treaty since 22 June 2021); fair dealing is narrow and no sui generis database right exists. No TDM exception exists. Web-crawling law is addressed only through the general unauthorised-access offence; public pages carry implicit authorisation, so routine public-page crawling is unlikely to trigger the Act, but ToS prohibition or technical-barrier circumvention substantially elevates risk.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | without permission |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | fair dealing narrow |
| Text and data mining — commercial status | unsettled |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | none enacted (Draft Data Protection Policy) |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: low. Not legal advice.