Malta
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Malta criminalises unlawful computer access via Criminal Code Art. 337C, which covers the unlawful use of a computer to access, copy, or modify data held in any computer; the article also covers disclosure of passwords, interception of non-public transmissions, and producing or distributing devices for these acts. The key element is access "without authorisation by an entitled person." A 2022 case (the FreeHour ethical-hacking prosecution) illustrated that Art. 337C can be applied even to security researchers who access a system without explicit authorisation, highlighting a relatively broad interpretation. Malta transposed DSM Directive 2019/790 by early 2022, introducing dual-track TDM exceptions into the Copyright Act. The full EU sui generis database right applies. GDPR is enforced by the Information and Data Protection Commissioner (IDPC). EU AI Act applies from August 2025.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | yes |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | tdm dual track |
| Text and data mining — commercial status | with optout |
| Text and data mining — opt-out mechanism | robots txt |
| robots.txt legal weight | evidentiary |
| AI training-specific law | binding |
| Privacy regime | GDPR |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Fast-moving area — verify before relying. Not legal advice.