Cyber criminals will face at least two years in jail across the EU if they illegally access information systems.

EU Agrees Minimum Prison Term for Cyber Criminals
A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. (Credit: Reuters)

Under new regulations voted into law by the European Parliament this week, cyber-criminals along with any companies employing cyber-criminals will be liable to a minimum term of two years in jail if found guilty of attempting to illegally access information systems.

The new rules won't come into effect for another two years however as member states will be given this time to translate the new rules into national law.

The European Parliament in Strasbourg voted 541 to 91 with nine abstentions on the proposal by the European Commission, the EU executive. Denmark however has chosen to opt out of the rules, wanting to keep its own system in place.

At it stands at the moment, the 28 member states in the EU have a wide variety of sanctions in place for those found guilty of committing crimes in cyber space.


Cyber-crime has exploded in recent years with both individuals and businesses under threat from a variety of types of attack including spam, spear-phishing, botnets and more recently mobile malware.

Businesses are one of the main targets for cyber-criminals with most companies now holding huge troves of sensitive and highly valuable information about their customers on their own servers as well as in the cloud.

A recent report from the UK government highlighted the growing threat of cyber-crime to UK businesses. The report from the Department for Business, Innovation and Skills said that 87% of small businesses and 93% of large businesses experienced at least one kind of security breach in the past year.

As well as having to implement the new EU regulations over the coming 24 months, the UK government has launched the Cyber Security Strategy which pledged £650 million over four years to help combat cyber crime.

Critical infrastructure

As well as the minimum two year sentence for attempting to illegally access information systems, the EU has put in place a tougher five year minimum jail sentence for those attempting to attack infrastructure such as power plants, transport, or government networks which is higher than the current tariff in most member states.

The decision also increases the penalties for illegally intercepting communications, or producing and selling tools to do this.

Many cyber-criminals control large networks of infected or zombie PCs known as botnets and in turn rent these out to individuals or companies for a fee. Those renting the botnets use them for a variety of purposes such as sending spam emails or forcing competitor websites offline for a period.