East Timor
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Timor-Leste has no comprehensive data protection or privacy law in force as of mid-2026. The Constitution (Art. 38) guarantees a right to personal data protection, but there is no implementing statute. A cybercrime bill has been under draft since at least 2021, with a revised version tabled by the Ministry of Justice in June 2024; civil-society criticism of its free-speech implications had not been resolved as of early 2026, and the bill had not been enacted. Decree-Law No. 12/2024 (February 2024) introduces e-commerce and e-signature rules but does not address scraping. General criminal provisions of the Penal Code (Decree-Law No. 19/2009) may cover unauthorised computer intrusion, but the framework is thin and unenforced against crawling. The practical risk from Timor-Leste domestic enforcement is low; the legal uncertainty is high due to the absence of a modern statutory framework.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | unsettled |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | unsettled |
| Terms-of-service clickwrap enforceable | unsettled |
| Copyright exception model | none |
| Text and data mining — commercial status | unsettled |
| Text and data mining — opt-out mechanism | na |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | None in force (constitutional right only; no implementing statute) |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: low. Not legal advice.