The European Parliament has adopted new rules to impose stricter penalties across the European Union (EU) for cyber-attacks involving major botnets.
As per the new EU Directive, member states will have to introduce a minimum penalty for cyber attacks of two years for crimes such as illegally accessing or interfering with information systems.
The penalty of two years will also apply to those who interfere and snoop on data and communications illegally or intentionally sell or distribute software.
Minor cases are exempted from the directive, but the respective country should decided about what constitutes a minor case.
The text sets up a penalty of at least three years’ imprisonment for using botnets such as establishing remote control over a significant number of computers by infecting them with malicious software.
The maximum penalty for attacks against infrastructure such as power plants, transport and government networks will be set at five years.
The penalty of five years will also apply if an attack is committed by a criminal organisation or if it causes serious damage.
Member states will be required to respond quickly to urgent requests for help in the event of cyber attacks as per the new rules and legal persons, such as companies, would be liable for offences committed for their benefit.
The text, adopted by 541 votes to 91 with nine abstentions, is anticipated to be formally adopted by the Council soon.
According to the Parliament, the new directive builds on rules that have been in force since 2005 and once adopted, member states will have two years to transpose it into national law.