Lithuania
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Lithuania follows the standard EU pattern. The Criminal Code Art. 198-1 criminalises unauthorised access to an information system by breaching security measures; the Lithuanian Supreme Court confirmed in 2023 that access without authorisation even by a former legitimate user can satisfy Art. 198-1, with no requirement to cause damage to the security measure itself. Crawling public pages without bypassing technical barriers carries no criminal exposure. The Copyright Act (Autorių teisių ir gretutinių teisių įstatymas) transposed DSM Directive 2019/790 (Articles 3-4 TDM dual-track), permitting general TDM subject to a machine-readable opt-out for commercial uses. The full sui generis database right applies. GDPR enforced by VDAI, which imposed Lithuania's largest-ever fine (EUR 2.4M against Vinted, July 2024) for unlawful data processing; scraping personal data without a lawful basis is a clear GDPR exposure. EU AI Act applies from August 2025.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | yes |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | tdm dual track |
| Text and data mining — commercial status | with optout |
| Text and data mining — opt-out mechanism | robots txt |
| robots.txt legal weight | evidentiary |
| AI training-specific law | binding |
| Privacy regime | GDPR |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Fast-moving area — verify before relying. Not legal advice.