The law will protect those who close cyber vulnerabilities.
The German Federal Ministry of Justice is developing a bill to modernize computer criminal law that will exempt ethical hacking from criminal prosecution. The new initiative aims to reduce legal risks for cybersecurity professionals.
The bill provides for the protection of both individual researchers and IT security companies that test computer systems to find vulnerabilities so that security can then be strengthened. According to the ministry, specialists acting in the interests of security ("white hackers") should not be at risk of criminal prosecution.
German Justice Minister Marco Buschmann stressed the importance of identifying gaps in information security for society as a whole. Currently, the country's legislation qualifies any "unauthorized" access to data as a criminal offense. The amendments affect three articles of the Criminal Code: on gaining access to data (§202a), interception of data (§202b) and modification of data (§303a). The new paragraphs will clarify that the actions of researchers in the field of information security are not "unauthorized" and, therefore, are not subject to punishment.
In parallel with the relaxation for ethical hackers, the bill provides for tougher penalties for malicious hacking. Serious violations are punishable by imprisonment for a term of three months to five years. Particularly serious cases include: actions leading to large financial losses; actions committed for mercenary motives, as part of a criminal group or for commercial purposes; actions affecting the availability, operation, integrity, authenticity or confidentiality of critical infrastructure; as well as actions that threaten the security of the Federal Republic of Germany or its states, including those committed from abroad.
According to the minister, vulnerabilities in IT systems can have dramatic consequences in today's interconnected world. Cybercriminals and foreign forces can exploit security breaches to attack hospitals, transportation companies and power plants, steal personal data, and damage businesses.
The ministry also noted that the possession of hacking tools is not considered a criminal offense. The bill is under consideration until December 13, 2024, after which it will be submitted to parliament for approval.