Brussels, 23/07/2013 (Agence Europe) - On Tuesday 23 July, Cecilia Malmström, EU Commissioner for Home Affairs, welcomed Monday's adoption by the EU Council of Ministers of new protection rules against cybercrime, in particular large-scale attacks on information systems. The commissioner said that these rules, defining criminal offences and sanctions in the area of cybercrime, improve the reporting of relevant cyber incidents to law enforcement authorities and provide for the sharing of member states' crime statistics with the EU.
The new directive builds on rules that have been in force since 2005 (Council Framework Decision 2005/222/JHA). While retaining a number of current provisions, it introduces new offences, such as the use of tools to commit large-scale attacks, new aggravating circumstances and higher criminal sanctions, in order to effectively prevent attacks against information systems. The directive improves cross-border cooperation between the judiciary and the police of EU member states and obliges member states to make better use of the existing 24/7 network of contact points by treating urgent requests within 8 hours. The directive also requires member states to collect statistical data on cyber-attacks and to have reporting channels in place, in order to alert the competent authority of offences.
The level of criminal sanctions includes a maximum prison sentence of two years, which can be increased to up to five years if the offence has been committed by a criminal organisation. The directive includes a number of aggravating circumstances that can be taken into account: when a large number of information systems have been affected, the maximum sentence will be at least three years; when the attack causes serious damage, a five-year prison sentence could be imposed as a minimum, and similar sentences would also apply to perpetrators of attacks on infrastructure that is deemed critical. (SP/transl.fl)