Out-Law News

New penalties for cyber attacks by businesses to be introduced


EU ministers have backed new rules that will introduce a range of new penalties that could be levied on businesses that engage in cyber attacks.

A new Directive on attacks against information systems was voted through by the Council of Ministers last week and will have to be transposed into national laws within two years of the Directive's publication in the Official Journal of the EU. MEPs at the European Parliament adopted the text earlier this month. The new framework will require member states to "take the necessary measures" to ensure businesses can be held liable for offences such as the illegal accessing of information systems, illegal system or data interference or illegal interception.

Under the Directive, member states would be able to levy a number of sanctions on companies engaged in such cyber attacks. Member states would also be able to impose punishments on a company where failings in its "supervision or control" have allowed "a person under its authority" to commit any of the listed offences.

Sanctions could include "exclusion from entitlement to public benefits or aid; temporary or permanent disqualification from the practice of commercial activities; placing under judicial supervision; judicial winding-up; temporary or permanent closure of establishments which have been used for committing the offence", according to the Directive. Sanctions imposed would have to be "effective, proportionate and dissuasive" in order to be justified.

"I very much welcome the final adoption of this Directive, which will significantly boost Europe's defences against cyberattacks and contribute to strengthening the EU citizen's confidence online," Cecilia Malmström, EU Commissioner for Home Affairs, said in a statement.

"I trust that Member states will act swiftly and promptly to implement the new rules that define criminal offences and sanctions in the area of cybercrime, improve the reporting of relevant cyberincidents to law enforcement authorities and provide for the sharing of Member States' crime statistics with the EU," she said.

"I cannot stress enough the need for better information on cybercrime: it allows for a more complete picture of the extent of cybercrimes and enables a targeted and appropriate policy response. I am confident that the new Directive will contribute to improve cross-border police cooperation and will establish more effective monitoring systems and data collection. We all need to work together to achieve the objectives that we have set ourselves. It is therefore essential that all Member States get up to speed and make cybersecurity a top priority," Malmström added.
