On 4th July 2013, the European Parliament voted in favour of a draft legislative proposal calling for tough new measures against cybercrime. The new rules will introduce minimum sentences for cybercriminals and better cooperation between member states.

Tougher penalties for cybercrime in EU ©-asrawolf-Fotolia
Tougher penalties for cybercrim in EU ©-asrawolf-Fotolia

Sentences for cybercrime

Under the proposals EU member states will need to introduce minimum sentences of two years for cybercriminals.

The sentences will apply to cybercrimes such as accessing information systems without authorisation, illegal system interference, illegal data interference and illegal interception.

The minimum sentences will also apply to the production, sale and distribution of tools to be used for the commission of cybercrime.

The use of botnets (networks of computers infected with malware) will be punishable with a three-year prison sentence.

Cyber-attacks perpetrated by gangs or on critical infrastructure, such as government information systems, will be punishable with a five-year prison sentence.

Liability of businesses for cybercrime

The proposals foresee that legal persons will face penalties for the commission of cybercrime.

A company will therefore no longer be able to employ hackers to hack into a competitor’s database.

Penalties include the exclusion from receiving public subsidy, the prohibition on trading, the closure of establishments and judicial winding-up.

Speedy cooperation between authorities

Cooperation between police authorities and the judiciary in member states will be boosted through national contact points which will be responsible for ensuring that member states offer assistance to other member states within eight hours.

Next steps

The proposal will now pass to the European Union’s Council of Ministers for approval. Member states will then have two years in which to transpose the measures into national law.