Syria
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Syria is an active conflict zone and post-Assad transition; its legal framework is severely compromised. The Assad government enacted Cybercrime Law No. 20 of 2022 (replacing Law No. 17 of 2012), which broadly criminalises unauthorized computer access, requires ISPs to retain and surrender user data to authorities, and carries penalties of up to 15 years imprisonment. The Electronic Personal Data Protection Law No. 12 of 2024 was issued by the Assad government shortly before its collapse; it imposes data collection and processing rules but also mandates ISP data retention for state surveillance. Both laws were instruments of the former regime, and their post-transition legal status and enforceability are deeply uncertain following the fall of the Assad government in December 2024. No TDM exception exists; no EU-style sui generis database right. The practical enforcement environment is minimal and the applicability of former-regime law under the transitional administration is unclear. Confidence is low and human review is essential.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | unsettled |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | unsettled |
| Terms-of-service clickwrap enforceable | unsettled |
| Copyright exception model | closed list |
| Text and data mining — commercial status | unsettled |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | Electronic Personal Data Protection Law No. 12/2024 (status uncertain post-transition) |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: low. Not legal advice.