Illegal access to information systems and the Directive 2013/40/EU

Pedro Miguel F. Freitas*, Nuno Gonçalves

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)


Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013, on attacks against information systems, came into force on 3 September 2013, replacing Council Framework Decision 2005/222/JHA. It maintains existing offences and criminalizes new activities such as illegal interception and the usage of certain tools for committing offences. The offence that is the focus of this article – illegal access to information systems – is set out in Article 3. It represents a change from the wording of Art 2 (2) of the Framework Decision 2005/222/JHA in that under Art 3 of the Directive the incrimination of illegal access to information systems now depends upon whether such access infringes a security measure. This paper provides an overview of the impetus for the introduction of cybercrime laws and analysis of the key provisions of the Directive before exploring whether the wording of Art 3 is a sensible legislative approach.
Original languageEnglish
Pages (from-to)50-62
Number of pages13
JournalInternational Review of Law, Computers and Technology
Issue number1
Publication statusPublished - 2 Jan 2015
Externally publishedYes


  • cybercrime
  • illegal access to information systems
  • security measures


Dive into the research topics of 'Illegal access to information systems and the Directive 2013/40/EU'. Together they form a unique fingerprint.

Cite this