Directive 2013/40 - Attacks against information systems

Please note

This page contains a limited version of this dossier in the EU Monitor.

1.

Current status

This directive has been published on August 14, 2013, entered into force on September  3, 2013 and should have been implemented in national regulation on September  4, 2015 at the latest.

2.

Key information

official title

Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA
 
Legal instrument Directive
Number legal act Directive 2013/40
Original proposal COM(2010)517 EN
CELEX number i 32013L0040

3.

Key dates

Document 12-08-2013
Publication in Official Journal 14-08-2013; OJ L 218 p. 8-14
Effect 03-09-2013; Entry into force Date pub. +20 See Art 18
End of validity 31-12-9999
Transposition 04-09-2015; At the latest See Art 16.1

4.

Legislative text

14.8.2013   

EN

Official Journal of the European Union

L 218/8

 

DIRECTIVE 2013/40/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 12 August 2013

on attacks against information systems and replacing Council Framework Decision 2005/222/JHA

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 83(1) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee (1),

Acting in accordance with the ordinary legislative procedure (2),

Whereas:

 

(1)

The objectives of this Directive are to approximate the criminal law of the Member States in the area of attacks against information systems by establishing minimum rules concerning the definition of criminal offences and the relevant sanctions and to improve cooperation between competent authorities, including the police and other specialised law enforcement services of the Member States, as well as the competent specialised Union agencies and bodies, such as Eurojust, Europol and its European Cyber Crime Centre, and the European Network and Information Security Agency (ENISA).

 

(2)

Information systems are a key element of political, social and economic interaction in the Union. Society is highly and increasingly dependent on such systems. The smooth operation and security of those systems in the Union is vital for the development of the internal market and of a competitive and innovative economy. Ensuring an appropriate level of protection of information systems should form part of an effective comprehensive framework of prevention measures accompanying criminal law responses to cybercrime.

 

(3)

Attacks against information systems, and, in particular, attacks linked to organised crime, are a growing menace in the Union and globally, and there is increasing concern about the potential for terrorist or politically motivated attacks against information systems which form part of the critical infrastructure of Member States and of the Union. This constitutes a threat to the achievement of a safer information society and of an area of freedom, security, and justice, and therefore requires a response at Union level and improved cooperation and coordination at international level.

 

(4)

There are a number of critical infrastructures in the Union, the disruption or destruction of which would have a significant cross-border impact. It has become apparent from the need to increase the critical infrastructure protection capability in the Union that the measures against cyber attacks should be complemented by stringent criminal penalties reflecting the gravity of such attacks. Critical infrastructure could be understood to be an asset, system or part thereof located in Member States, which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, such as power plants, transport networks or government networks, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.

 

(5)

There is evidence of a tendency towards increasingly dangerous and recurrent large-scale attacks conducted against information systems which can often be critical to Member States or to particular functions in the public or private sector. This tendency is accompanied by the development of increasingly sophisticated methods, such as the creation and use of so-called ‘botnets’, which involves several stages of a criminal act, where each stage alone could pose a serious risk to public interests. This Directive aims, inter alia, to introduce criminal penalties...


More

This text has been adopted from EUR-Lex.

5.

Original proposal

 

6.

Sources and disclaimer

For further information you may want to consult the following sources that have been used to compile this dossier:

This dossier is compiled each night drawing from aforementioned sources through automated processes. We have invested a great deal in optimising the programming underlying these processes. However, we cannot guarantee the sources we draw our information from nor the resulting dossier are without fault.

 

7.

Full version

This page is also available in a full version containing the summary of legislation, the legal context, de Europese rechtsgrond, other dossiers related to the dossier at hand, the related cases of the European Court of Justice and finally consultations relevant to the dossier at hand.

The full version is available for registered users of the EU Monitor by ANP and PDC Informatie Architectuur.

8.

EU Monitor

The EU Monitor enables its users to keep track of the European process of lawmaking, focusing on the relevant dossiers. It automatically signals developments in your chosen topics of interest. Apologies to unregistered users, we can no longer add new users.This service will discontinue in the near future.