The text sets up a penalty of at least three years’ imprisonment for using botnets such as establishing remote control over a significant number of computers by infecting them with malicious software.
The maximum penalty for attacks against infrastructure such as power plants, transport and government networks will be set at five years.
The penalty of five years will also apply if an attack is committed by a criminal organisation or if it causes serious damage.
Member states will be required to respond quickly to urgent requests for help in the event of cyber attacks as per the new rules and legal persons, such as companies, would be liable for offences committed for their benefit.
The text, adopted by 541 votes to 91 with nine abstentions, is anticipated to be formally adopted by the Council soon.
According to the Parliament, the new directive builds on rules that have been in force since 2005 and once adopted, member states will have two years to transpose it into national law.
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.