Ukraine

Summary

Ukraine presents moderate risk for crawling with elevated fast-moving uncertainty. Criminal Code Art. 361 criminalises unauthorized interference with the operation of computers, automated systems, and networks — the paradigm case is system intrusion and disruption, not public-page scraping, so routine crawling of public pages carries low criminal risk. Personal data is currently governed by Law No. 2297-VI (2010), which approximates earlier EU standards; Draft Law No. 8153 was adopted in first reading November 2024 and is being prepared for second reading — when adopted it will align Ukraine fully with GDPR/Convention 108+ and introduce GDPR-scale penalties (up to 5% of turnover or UAH 300,000 minimum per violation). Ukraine's Copyright Law 2023 (Law No. 2811-IX) aligns with EU standards and includes: (a) a sui generis database right (15-year term, protecting substantial investment); and (b) a TDM exception limited explicitly to research purposes where copies are made from a lawful source and the rights holder has not opted out via machine-readable means — identical in structure to EU DSM Art. 3. Commercial TDM and AI training for commercial products are not covered. Wartime disruptions affect enforcement capacity but do not suspend legal obligations.