Call us today on 0141 552 9193
GLP News

News, Comment & Opinions on the latest legal stories

Glasgow Law Practice White

Practice made perfect

Hacking IT systems to become a criminal offence

Cyber attacks on IT systems would become a criminal offence punishable by at least two years in prison throughout the EU under a draft law backed by the European Civil Liberties Committee. Possessing or distributing hacking software and tools would also be an offence, and companies would be liable for cyber attacks committed for their benefit.

The proposal would establish harmonised penal sanctions against perpetrators of cyber attacks against an information system – for instance a network, database or website. Illegal access, interference or interception of data would be treated as a criminal offence.

The maximum penalty to be imposed by Member States for these offences would be at least two years’ imprisonment, and at least five years where there are aggravating circumstances such as the use of a tool specifically designed to for large-scale (e.g. “botnet”) attacks, or attacks cause considerable damage (e.g. by disrupting system service), financial costs or loss of financial data.

Using another person’s electronic identity (e.g. by “spoofing” their IP address), to commit an attack, and causing prejudice to the rightful identity owner would also be an aggravating circumstance – for which MEPs say Member States must set a maximum penalty of at least three years.