European lawmakers have agreed to toughen criminal penalties for cyber attacks across the union.
At the moment there is no harmonised legislation in the union’s 28 member states and sentences tend to vary drastically. However, the decision mandates national sentences of at least two years for attempting to illegally access information systems.
Attackers who take on infrastructure targets are looking at a sentence of five years or more, Reuters reports. Penalties for illegally intercepting communications or developing tools for such purposes are also being increased. Of course, governments can still do this, at least to some extent.
In addition, the new framework would try to clamp down on companies that benefit from botnets or hire hackers to steal trade secrets. Companies who engage in such practices will be liable for all offences committed on their behalf. However, it will take up to two years to implement the decision and amend national criminal legislation accordingly.
Even then, there will be a few European countries that don’t plan to enter the EU and won’t have to enforce its laws. Hackers and botnet operators can move to Belarus, Bosnia or Serbia, which are still under Moscow’s paws and won’t enter the union any time soon, if ever.