Luxembourg, 10/06/2011 (Agence Europe) - At their meeting in Luxembourg on Friday 10 June, EU27 justice ministers agreed on some of the draft directive on dealing with cyber attacks unveiled last September by the European Commission. There was little enthusiasm about the agreement, however, with countries like France saying the directive did not go far enough. The Council took note and decided to do further work on the remaining areas, like heavier penalties when identity theft is involved and penalties for serious crime, both of which had been removed from the compromise agreed to on Friday, regretted Hungarian Justice Minister Tibor Navracsics. Under the partial agreement, there will be a two-year or longer prison sentence for ordering, carrying out or complicity in cyber attacks, rising to five years if the attacker is a member of a criminal organisation or if the attack is on key infrastructure. A Hungarian source explained that the Council of Ministers will ask the Commission to draw up new legislation on the remaining issues.
The Commission's draft legislation updates the 2005 rules, setting out and introducing greater harmonisation of the penalties s for cyber attacks, which can be increased for certain types of attack. The directive suggests making the use of mechanisms used to launch cyber attacks a crime and improving EU cooperation on criminal justice matters. In the draft legislation, the Commission includes identity theft as justifying longer sentences, but this was not included in the compromise agreed on Friday, which will now be negotiated with the European Parliament. (S.P./transl.fl)