Fight against cybercrime

The Commission is exploring various avenues for preventing and combating cybercrime in order to tighten up the security of information infrastructures.

ACT

Communication from the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions: Creating a safer information society by improving the security of information infrastructures and combating computer-related crime [COM(2000) 890 final - not published in the Official Journal]

SUMMARY

The development of new information and communication technologies is radically changing our economy and society. The success of the information society is crucial for Europe's growth, competitiveness and employment opportunities. That is why the Commission adopted the eEurope initiative in December 1999 to ensure that the EU can reap the full benefits. The general action plan on the eEurope initiative, approved by the Feira European Council in June 2000, highlights the importance of network security and the fight against cybercrime.

At the same time the growing importance of information and communication infrastructure opens up new opportunities for criminal activities. The European Union has therefore taken a number of steps to fight harmful and illegal content on the Internet, protect intellectual property and personal data, promote electronic commerce and tighten up the security of transactions:

• The action programme on organised crime, adopted by the Council (Justice and Home Affairs) in May 1997 and endorsed by the Amsterdam European Council, called on the Commission to carry out a study on computer-related crime. The Commission presented the study (known as the "COMCRIME study") in April 1998.
• The Tampere European Council acknowledged that high-tech crime should be included in efforts to reach agreement on common definitions and penalties for a number of criminal offences.
• Initial measures have been adopted under the Union's strategy for combating high-tech crime

Definition of computer-related crime

The communication addresses computer crime in its broadest sense as any crime involving the use of information technology. The terms "computer crime," "computer-related crime," "high-tech crime" and "cybercrime" share the same meaning in that they describe a) the use of information and communication networks that are free from geographical constraints and b) the circulation of intangible and volatile data.

The main offences covered by existing European and national legislation are:

• privacy offences: illegal collection, storage, modification, disclosure or dissemination of personal data;
• content-related offences: the dissemination of pornography, in particular child pornography, racist statements and information inciting violence;
• economic crimes, unauthorised access and sabotage: offences relating to unauthorised access to systems (e.g. hacking, computer sabotage and distribution of viruses, computer espionage, computer forgery, and computer fraud);
• intellectual property offences: violations of the legal protection of computer programs and databases, copyright and related rights.

Legislative and non-legislative proposals

Legislative measures aimed at approximating national provisions on cybercrime need to be backed up by non-legislative measures such as:

• the creation of specialised national units (law enforcement and judicial authorities);
• continuous, specialised training for police and judicial authority staff;
• the creation of a harmonised set of rules for police and judicial record-keeping and appropriate tools for statistical analysis of computer crime;
• the establishment of a European forum to foster cooperation between the various players;
• encouragement for direct action by industry against computer-related crime;
• EU-funded research and technological development (RTD) projects.

The Commission will present legislative proposals on:

• approximating Member States' laws on child pornography offences;
• approximating substantive criminal law in the field of high-tech crime;
• applying the principle of mutual recognition to pre-trial orders associated with cybercrime investigations involving more than one Member State.

Planned non-legislative measures include:

• creation of a European forum bringing together law enforcement agencies, service providers, network operators, consumer groups and data protection authorities with the aim of stepping up cooperation at EU level;
• further action to promote security and trust in the context of the eEurope initiative, the Internet Action Plan, the Information Society Technologies (IST) Programme and the next framework programme for RTD;
• launch of further projects under existing programmes to support the training of staff;
• financing of measures aimed at improving the content and usability of the database of Member States' national laws provided by the COMCRIME study.

RELATED ACTS

Proposal for a Council Framework Decision on attacks against information systems [COM(2002) 173 final - Official Journal C 203 E of 27.8.2002]

The purpose of this proposal is to develop effective tools and procedures in order to step up judicial cooperation in the field of criminal attacks against information systems.

Council Recommendation of 25 June 2001 on contact points maintaining a 24-hour service for combating high-tech crime [Official Journal C 187 of 3.7.2001]

The purpose of this recommendation is to deal as swiftly and professionally as possible with the various types of high-tech crime.

Last updated: 12.09.2005