Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label cybercrime law. Show all posts
Portugal
Cyber Crime CyberCrime cybercrime law Portugal

Portugal Updates Cybercrime Law To Protect Good-Faith Security Researchers

 

Portugal has updated its cybercrime law to offer legal protection to security researchers who probe systems in good faith and report vulnerabilities responsibly. The change creates a legal safe harbor for ethical hacking, turning what was previously classified as illegal access or data interception into a non-punishable act when strict conditions are met. The new provision appears in Article 8.o-A under the title "Acts not punishable due to public interest in cybersecurity." 

It states that hacking activities aimed at finding vulnerabilities and improving cybersecurity will not lead to criminal charges if several requirements are followed. To qualify for legal protection, researchers must act only to identify weaknesses that they did not introduce and must not seek financial reward beyond normal professional compensation. They must report the issue immediately to the system owner, any relevant data controller and the Portuguese cybersecurity authority CNCS. 

The law also requires that actions remain limited to what is necessary for detection. Researchers cannot disrupt services, modify data, steal information or cause damage. Personal data protected under GDPR must not be processed illegally, and banned techniques such as DDoS attacks, phishing, malware deployment and social engineering are not allowed. 

Any sensitive data accessed during testing must be kept confidential and deleted within 10 days after the vulnerability is fixed. Acts carried out with the explicit consent of the system owner are also exempt from punishment, but vulnerabilities discovered during the process must still be reported to the CNCS. Cybersecurity professionals view the change as an important step toward separating responsible research from criminal activity. 

The law provides clarity on what is allowed while giving ethical hackers the legal protection they have long requested. Portugal joins a growing number of countries adapting cybercrime laws to support good-faith research. Germany proposed similar protections in late 2024, and in 2022 the United States Department of Justice revised its prosecution guidelines under the Computer Fraud and Abuse Act (CFAA) to exempt responsible security testing. 

These legal reforms reflect an increasing recognition that ethical hackers play a key role in helping organizations find and fix security flaws before real criminals take advantage of them. Supporters say the new rules will encourage more vulnerability reporting and strengthen global cybersecurity.
Read more »
Subscribe to: Comments (Atom)