Mongolia
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Mongolia presents moderate crawling risk under a civil-law system with no EU baseline. The Law on Personal Data Protection (LPDP, adopted 17 December 2021, in force 1 May 2022) is the primary data-protection instrument; it applies to collection, processing, use, and security of personal data by any person or entity, including by means of hardware and software. The Cybersecurity Law of Mongolia (adopted 17 December 2021, in force 1 May 2022) amended Chapter 26 of the Criminal Code to align with Budapest Convention definitions; Chapter 25 of the Criminal Code contains substantive computer-crime provisions (illegal access, data interference, misuse of devices). No TDM copyright exception exists in the Copyright Law of Mongolia (2006). No sui generis database right. No unfair-competition data doctrine comparable to China's AUCL. Overall, Mongolia's framework is modern enough to impose real data-protection obligations but lacks the enforcement density and regulatory activity seen in more mature regimes.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | without permission |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | fair dealing narrow |
| Text and data mining — commercial status | prohibited |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | Law on Personal Data Protection 2021 (in force 1 May 2022) |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Not legal advice.