EU Cybercrime directive: 3 States asked its full implementation

22 December 2016

The European Commission has requested 3 Member States to fully implement the Cybercrime Directive (Directive 2013/40/EU). It has addressed reasoned opinions to Belgium, Bulgaria and Ireland concerning the non-communication of national measures taken to transpose the Directive on attacks against information systems into national law.

The Directive, adopted on 12 August 2013, should have been transposed by the Member States by 4 September 2015. The Directive on Attacks against information systems criminalises the use of tools used in cyberattacks, such as malicious software, strengthens the framework for information exchange when attacks happen and provides a common European criminal law framework in this area.

The Commission considers that the measures adopted by Belgium, Bulgaria and Ireland are still not fully transposing all the provisions of the Directive into their national legislation. Belgium, Bulgaria and Ireland now have two months to notify the Commission of all measures taken to ensure full implementation of the Directive, otherwise, the Commission may refer these cases to the Court of Justice of the EU. In addition, the Commission has decided to close the infringement procedures against Greece and Slovenia after examination.