Thursday, 12 April 2012

Businesses to be made liable for attacks under new EU proposals

Companies could be made liable for cyber attacks under new proposals approved by the Civil Liberties Committee of the European Parliament. The Committee voted in favour of proposals that make activities relating to cyber attacks a criminal offence. 

Under the proposals, companies should appoint 'legal persons' within their organisations and in a statement the European Parliament said that these 'legal persons would be liable for offences committed for their benefit, whether deliberately or through a lack of supervision', which means if a business benefits from a cyber attack, even if the act is committed by someone outside the company, people within the corporation could be made liable.
The statement added further that EU Member States will be required to 'ensure that their networks of national contact points are available round the clock' and that they have to 'respond to urgent requests within a maximum of eight hours' in order to prevent cyber-attacks spreading across borders. "We are dealing here with serious criminal attacks," said Monika Hohlmeier, Member of the European Parliament. "No car manufacturer may send a car without a seatbelt onto the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world," she said. 

Individuals would face at least two years in jail if served with the maximum penalty. Three years can be given to anyone who uses another person's 'electronic identity' in order to commit an attack that causes 'prejudice to the rightful identity owner'. 

Michiel Willems © 2012 CP Publishing Ltd. Pictures: Software News Daily.