The Serious Crime Bill received Royal Assent on 3 March 2015. Now the Serious Crime Act 2015, it includes amendments to the Computer Misuse Act 1990 (“CMA”). As I reported in August 2014, the amendments are designed to address growing concerns that future cyber-attacks could have very serious consequences and ensure that the perpetrators can be prosecuted and appropriately punished.
The amendments provide for the existence of a new offence in respect of unauthorised acts committed in relation to a computer which cause or create a risk of serious damage of a material kind. Damage of a material kind constitutes damage to human welfare or the environment in any place, or to the economy or national security of any country. Acts cause damage to human welfare only if they cause loss to human life; human illness or injury; disruption of a supply of money, food, water, energy or fuel; disruption of a system of communication; disruption of facilities for transport; or disruption of services relating to health. This offence is punishable by up to 14 years imprisonment (or in some cases, life imprisonment) and/or an uncapped fine.
Some of the amendments were also required to implement the EU Directive on Attacks Against Information Systems (2013/40/EU). These amendments extend the existing CMA provisions in relation to:
- the use of tools to commit offences under Sections 1 and 3 of the CMA; and
- the UK’s extra-territorial jurisdiction to prosecute individuals for certain CMA offences.