Cyber criminals might face tougher penalties in the European Union (EU) under new rules recently adopted by the European Parliament, according to the institution. The draft directive aims to facilitate prevention and to boost police and judicial cooperation in this field.

The draft was adopted by 541 votes to 91, with 9 abstentions and has to be formally adopted by the Council. Once adopted, member states, including Romania, will have two years to transpose it into national law.

According to the draft law, which was already informally agreed with member states, a penalty of at least three years' imprisonment was set in the case of "botnets” for establishing remote control over a significant number of computers by infecting them with malicious software. Attacks against "critical infrastructure", such as power plants, transport networks and government networks, can lead to a five-year prison sentence.

The draft law also requires EU member states to respond quickly to urgent requests for help in the event of cyber attacks.

“Legal persons, such as firms, would be liable for offenses committed for their benefit, such as for hiring a hacker to get access to a competitor's database. Penalties could include exclusion from entitlement to public benefits or closure of establishments,” reads a statement of the European Parliament.

Romania ranked 7th in Bloomberg’s Top Ten Hacking Countries published earlier this year. With 2.8 percent of global cyber-attacks coming from Romania in the last quarter of 2012, the country sat between India in eighth place and Brazil in sixth. Bloomberg used information from Akamai Technologies, which supports businesses in providing high-speed content.

Irina Popescu, irina.popescu@romania-insider.com