EU increases penalties for cybercriminals and hackers

Looking to deter cyberattacks on national infrastructure and halt the illegal interception of communications, the European Union toughens its laws.

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
Dara Kerr
2 min read

The European Union has decided to raise prison sentences for people found guilty of hacking, data breaches, and cyberattacks.

Lawmakers from the 28 nations in the EU decided Thursday, in a 541-91 vote, to assign harsher penalties for various cybercrimes, according to Reuters. Included in the increased prison sentences are at least two years for illegally accessing information systems and at least five years for cyberattacks against infrastructure, such as power plants, water systems, and transportation networks.

The lawmakers agreed that the most egregious crimes are those that breach the countries' infrastructure networks and the theft of sensitive data from computer systems.

Other cybercrimes that got penalty increases were the illegal interception of communications or the creation of tools for this purpose. Additionally, any company that uses these tools or hires hackers to steal data will also be liable under the new laws.

Currently, the penalties for cybercrime vary from country to country, but most sentences top out at five years, according to Reuters. Now each country has two years to put the new laws into place.

The only country that didn't sign onto the new rules was Denmark, which said it wanted to keep with its own sentences, according to Reuters.

This isn't the first EU vote to tighten penalties for cybercrime. In 2011, lawmakers agreed to tougher penalties for cybercrimes, including new punishments for botnet creators.

The U.S. is also working to clamp down on cybercriminals. In June, members of the U.S. House of Representatives Intelligence Committee proposed a new cybertheft law that would target hackers based in other countries. And in May, a group of senators proposed a similar bill called the "Deter Cyber Theft Act" to protect commercial data from foreign hackers and governments.