We are migrating the content of this website during the first semester of 2014 into the new EUR-Lex web-portal. We apologise if some content is out of date before the migration. We will publish all updates and corrections in the new version of the portal.
Do you have any questions? Contact us.
Attacks against information systems
This framework decision aims to fight cybercrime and promote information security. In light of this new form of transnational crime, the main aim of this Framework Decision is to enhance cooperation between judicial and other competent authorities through approximating rules on criminal law in the area of attacks against information systems.
Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems.
The main types of criminal offences covered by this Framework Decision are attacks against information systems * such as piracy, viruses and denial of service attacks.
This new criminal activity, which knows no borders, can be preve nted and combated by:
- enhancing the security of information infrastructures; and
- giving law enforcement authorities the means to act.
To this end, the present Framework Decision proposes the approximation of criminal law systems and the enhancement of cooperation between judicial authorities concerning:
- illegal access to information systems;
- illegal system interference;
- illegal data interference.
In all cases, the criminal act must be intentional.
Instigating, aiding, abetting and attempting to commit any of the above offences will also be liable to punishment.
The Member States will have to make provision for such offences to be punished by effective, proportionate and dissuasive criminal penalties.
Where an offence is committed in the context of a criminal organisation within the meaning of Joint Action 98/733/JHA, causes substantial loss or affects essential interests, this will be considered an aggravating circumstance. On the other hand, where an offence causes only minor damage, the competent judicial authority may reduce the penalty.
The framework decision proposes criteria for determining the liability of legal persons * and sets out sanctions that may apply if they are found liable (temporary or permanent disqualification from activity, court winding-up order, loss of public benefits, etc.).
Each Member State will have jurisdiction for offences committed on its territory or by one of its nationals. Where several Member States have jurisdiction over an offence, they must cooperate to decide which State will conduct proceedings against the author of said offence.
The Member States will exchange all information intended to enhance cooperation. Notably, operational points of contact available twenty-four hours a day and seven days a week within each Member State shall be appointed.
Member States must inform the General Secretariat of the Council and the Commission of their appointed points of contact and of any other measures adopted to comply with the Framework Decision.
At the Tampere European Council in October 1999, the need to approximate provisions concerning offences and sentencing in the area of cybercrime was recognised and reaffirmed in a Communication entitled: “Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime”.
The present Framework Decision forms a part of the information society and of the eEurope Action Plan in general.
This Framework Decision also aims to complement and develop activities carried out at the international level, such as the work of the G8 and the Council of Europe Convention on cybercrime.
Key Terms used in the Act
|Act||Entry into force||Deadline for transposition in the Member States||Official Journal|
|Framework Decision 2005/222/JHA||16.3.2005||16.3.2007||OJ L 69 of 16.3.2005|