Europe’s reliance on information systems and on electronic networks continues to grow apace. In the last few years, major, dangerous attacks of a type not seen hitherto have been carried out on those systems. The European Commission intends to replace Council Framework Decision 2005/222 JHA (24 February 2005) with ‘Judicial Cooperation in Criminal Matters: Combating Attacks against Information Systems 2010/0273(COD)’ concerning attacks against information systems.

Such legislation is required for these times; however there is concern about the influence this proposal could have on those who work in research, security and computer development. This proposal would make it illegal for anyone to possess hacking software or tools— ‘botnets’ for example. Security researchers sometimes need to use such tools to obtain unpermitted access to certain information systems, with no criminal intent.

Does the Commission intend to implement any protocols in order to protect researchers and computer developers who are obliged to use such tools for their work or research?