The European Parliament (EP) decided to upgrade the current legislation on cyberattacks. The new law would turn cyberattacks, and the possession and distribution of hacking tools into a criminal offense in all the European Union.
The proposal was approved with 50 votes in favor and, if it becomes law, hackers who breach websites, databases, or networks will be sent to jail for at least two years and at least five years if the consequences of their actions cause serious damages.
“We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations. The financial damage caused for companies, private users and the public side amounts to several billions each year,” revealed rapporteur Monika Hohlmeier.
“No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world.”
A maximum penalty of at least three years imprisonment is appointed for individuals who take upon themselves the virtual identity of someone else (IP spoofing) to launch an attack, but only if the attack has serious consequences and if any harm is caused to the identity of the rightful owner.
The use, development, or commercialization of hacking tools (ones that launch cyberattacks, or ones that crack passwords) will also become a criminal offence.
Companies who hire hackers to do their dirty work may be liable for the crimes committed for their benefit.
Finally, member states of the European Union must make sure that they are able to immediately respond to urgent requests in case of an attack from outside the country’s borders.
It's clear that the large number of incidents that have occurred lately has made the European Parliament reassess its position. Most likely, the EP hopes that the tougher legislation will discourage many hackers from testing their skills on the sites and networks of government and private organizations.