Serbia
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Serbia presents moderate-low crawling risk for public pages. The Criminal Code Art. 302 criminalises unauthorised access to computer systems but follows the Budapest Convention model — access is only criminal when a security mechanism is bypassed, so crawling genuinely public pages carries no criminal exposure. Serbia's Law on Copyright and Related Rights (2009, last amended 2019) includes an EU-style sui generis database producer right in Articles 139-140a, protecting substantial investment in databases. No general TDM exception exists (Serbia is not an EU member); commercial text-and-data mining is therefore at the copyright-holder's discretion. The 2018 Law on Personal Data Protection is closely modelled on GDPR and fully covers scraping of publicly available personal data. No AI-specific law exists. Robots.txt carries no statutory weight. Serbian competition law does not recognise a data-misappropriation tort akin to the US hotnews doctrine.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | yes |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | closed list |
| Text and data mining — commercial status | prohibited |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | Law on Personal Data Protection (Official Gazette RS No. 87/2018) |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Not legal advice.