Kazakhstan
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Kazakhstan presents moderate crawling risk, elevated for any operator processing Kazakhstani citizens' personal data due to strict data-localization rules. The Penal Code Art. 205 criminalises illegal access to computer information; Art. 207 covers system interference; Art. 211 addresses unlawful distribution of electronic resources containing restricted personal data. The Law on Personal Data and Their Protection (May 2013, No. 94-V, as amended through December 2023 in force February 2024) requires storage of Kazakhstani citizens' personal data in databases physically located in Kazakhstan. The Copyright Law (1996, as amended 2015) protects databases as compilations on originality grounds; no TDM exception. Enforcement by the Committee for Information Security under the Ministry of Digital Development.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | closed list |
| Text and data mining — commercial status | prohibited |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | Law of the Republic of Kazakhstan on Personal Data and Their Protection (2013, as amended 2024) |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Not legal advice.