UK decides to opt in to EU-wide cyber security plan


The UK is to opt in to a European Union directive to tackle the "real and growing" threat posed by cyber crime.

Home Office minister James Brokenshire told MPs the directive was still "not perfect" but said international action was needed to tackle online crime.

By opting in, he said the "reach of UK law enforcement officers" would be able to extend beyond UK borders.

Mr Brokenshire said cyber terrorism had been listed in the National Security Strategy as a major threat.

But Conservative MP Bill Cash, chairman of the European scrutiny committee, said he was "gravely concerned" by the decision to announce an opt-in without his committee being given notice.

The draft directive, which replaces a 2005 Framework Decision that includes the UK, includes new measures requiring countries to criminalise "the international interception of non-public transmissions of computer data from an information system".

EU states will also have to criminalise "the production, sale, procurement, import, possession or distribution of any device or tool for the purpose of committing any of the offences" contained in the directive.

Explanation requested

There would have to be maximum prison terms of at least five years if a criminal organisation was involved, or where a tool such as a botnet was used with the intention of attacking "a significant number of information systems".

Member states who opt-in would have to have a "national contact point" who could provide a response to another member state's request within eight hours. They would also have to collate statistical data on all such offences.

The EU says making member states' criminal laws broadly similar would discourage offenders from exploiting differences by basing themselves in states with more lenient criminal laws.

When Mr Cash's committee examined the directive last year, it concluded that the legal base proposed was appropriate and accepted there was "a case for further EU action to respond to new methods and tools for committing cyber crime".

But it asked for an explanation of the implications in requiring for member states "to exercise jurisdiction where an offence has been committed by a person who is 'habitually resident' within the territory of that state".