Help Print this page 

Summaries of EU Legislation

Title and reference
Fight against spam, spyware and malicious software

Summaries of EU legislation: direct access to the main summaries page.
Languages and formats available
HTML html ES html DE html EN html FR
Multilingual display

Fight against spam, spyware and malicious software

Despite the passing of Community legislation banning spam in Europe, illicit online activities continue to have a negative effect on the European Union. That is why the Commission, via this Communication, is calling on regulatory authorities and stakeholders to redouble their efforts to combat spam, spyware and malicious software. The Commission hopes that the growing concern about this phenomenon will be translated into concrete measures.


Communication from the Commission of 15 November 2006 to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on fighting spam, spyware and malicious software [COM(2006) 688 final - Not published in the Official Journal].


This Communication presents a summary of the initiatives adopted so far to deal with the threats posed by spam *, spyware * and malicious software (malware). It also summarises the measures that need to be taken by Member States, businesses and the EU to ensure that this problem is dealt with in a more effective manner.


The EU recently adopted measures intended to penalise illegal online activities:

Action to raise awareness

Member States have launched campaigns to make users aware of the spam problem and how to deal with it. Internet service providers (ISPs) also offer their customers advice on how to protect themselves against spyware and viruses.

International cooperation

By its very nature, spam is a cross-border problem. A number of international cooperation initiatives and mechanisms for cross-border enforcement of the law have been put in place. The Commission has supported these initiatives by means of:

  • the establishment of the Contact Network of Spam Enforcement Authorities(CNSA), which promotes the sharing of best practice and cooperates on cross-border enforcement of the law;
  • support for the London Action Plan, which includes enforcement authorities from 20 countries and which has adopted a cross-border cooperation procedure;
  • cooperation between the European Union and its main international partners (particularly the United States, Canada, China and Japan) in the fight against spam, spyware, and illegal and malware.

Research and technological development

Under the Sixth Research Framework Programme, the Commission has launched various projects intended to help stakeholders combat spam and other forms of malicious software. Such actions include:

  • the establishment of a research community dedicated to malware containment;
  • the development of European infrastructure to monitor internet traffic;
  • the development of adaptive phishing filters which can detect unknown threats and cyber attacks.

Industry actions

Industry is playing a pro-active role in the fight against spam.

ISPs have introduced technical measures to combat spam, particularly in the field of anti-spam filters. They provide users with help desk support and software against spam, spyware and malware. In addition, most ISPs have inserted contractual clauses prohibiting online malpractices.

Mobile phone operators have introduced their own measures, in the form of codes of conduct intended to combat unsolicited messages.

Enforcement actions

The fight against spam is clearly yielding results. The filtering measures imposed in Finland have reduced the proportion of spam in email from 80% to 30%.

However, there are still substantial differences between Member States as regards the actual number of prosecutions. The authorities in some countries have launched a significant number of investigations, which had led to penalties for those engaging in spam activities. However, in other Member States, the number of prosecutions has been very small.


Action at Member State level

Obstacles remain to the effective implementation of the European Privacy Directive in most Member States. For progress to be made, there is need for a clear definition of responsibilities.

Close cooperation should be put in place at the national level between the authorities, network operators and ISPs. The aim is to promote the exchange of information and technical expertise, and to encourage the pursuit of online malpractices.

In addition, international cooperation continues to be a major element in the fight against spam and should therefore be encouraged. Efforts must also be made to ensure that the necessary resources (such as online complaints procedures) are dedicated to the enforcement of the law.

Industry action

Online software offers constitute a very much employed method for delivery and installation of spyware on users' computer terminals. In order to prevent spyware from reaching end users, companies offering software products are encouraged to clearly describe all the terms and conditions of the offer and to ensure that their software complies with data protection legislation. Self-regulation and the use of quality labels can also be used to distinguish between reputable and non-reputable companies.

Companies that sell products should introduce contractual provisions that prohibit their trading partners from the illegal use of software in advertising. Also, the Commission recommends that they monitor how advertisements reach consumers and that they follow up on instances of malpractice.

Service providers are encouraged to filter electronic mail in accordance with the relevant recommendations and guidelines (especially those issued by the working group on data protection).

Action at European level

The 2006 Communication on the review of the regulatory framework for electronic communications proposes strengthening the rules on privacy and security. The Commission may also propose new rules concerning the severity of penalties for infringements.

On account of its expertise, the European Network and Information Security Agency (ENISA) has an important role to play in the fight against illegal online activities. The Commission intends to make use of this expertise to examine the viability of a European information sharing and alert system, which would react to threats to electronic networks.

New actions intended to provide better security for information systems will be launched under the Seventh Research Framework Programme.

In addition, the Commission will continue to draft agreements with third countries concerning the fight against spam, spyware and malicious software.


The large-scale sending of unsolicited electronic messages continues to cause concern. Spam accounts for 50-80% of messages sent to end users. The majority originate from outside the EU (particularly from Asia and the United States), but 25% of unsolicited messages are passed on by European countries.

The worldwide cost of spam is estimated at EUR 39 billion.

Spam is not simply a nuisance for end users, it can also be fraudulent and criminal, particularly when it makes use of phishing software.

Key terms used in the act

  • Phishing: electronic mail that convinces end users to reveal confidential data via websites that imitate the sites of bona fide companies
  • Spyware: software that is installed on a user's computer without his knowledge. Such software transmits information on the user and his habits once connected to the internet. Such information is usually intended for use by advertisers.
  • Spam: electronic messages sent in large numbers to internet users without their consent. These unsolicited electronic messages are usually of a commercial nature. Spam is the electronic equivalent of stuffing letter boxes with advertising materials that have not been requested by their recipients.

See also

Further information on the fight against spam can be found here.

Last updated: 28.02.2007