European Union Harmonizes The Approach To Sentencing Cybercriminals

Author:Ms Cynthia O'Donoghue
Profession:Reed Smith

In early July, the European Parliament adopted a new directive harmonizing the criminal laws relating to cyberattacks (Directive). It will replace the current nonbinding agreement between EU countries from 2005 (Framework Decision 2005/222/JHA). The Directive aims to harmonise the approach to cybercrime, by requiring all Member States to introduce maximum imprisonment sentences ranging from two to five years for various forms of cyberattack. "Cyber crime does not stop at borders, so it is vital to have a comprehensive and joint set of rules to prevent and fight it successfully," said Monika Hohlmeier, a German lawmaker responsible for overseeing the Directive's passage through the European Parliament.

The Directive would set a three-tier system of maximum prison sentences applicable to cybercrimes, and it will be in each Member States' discretion to define which attacks would be classified as minor. In addition, perpetrators benefitting from their cybercrime would face penalties ranging disbarment from public benefits to being closed down.

All infringements will need to carry at least a 2 year maximum prison sentence. The crimes range from illegal interference with IT systems or data, access of information systems, interception of data, as well as producing, selling or distributing tools designed for a cyberattack. The penalty for illegal interference with systems or data should be increased to a maximum 3 year sentence when the perpetrator used tools specifically...

To continue reading