From ACM TechNews:
Hacking IT Systems to Become a Criminal Offense
European Parliament News (Brussels)
A draft law supported by the Civil Liberties Committee would criminalize the hacking of information technology (IT) systems and carry a minimum prison sentence of two years throughout the European Union (EU). The proposal also would outlaw the possession or distribution of hacking software or tools, while companies would be liable for cyberattacks perpetrated for their advantage. The draft law would set up harmonized penal sanctions against people who hack information systems. At least two years' incarceration would be the maximum penalty imposed by EU member states for such crimes, while offenses aggravated by the use of tools specifically designed for large-scale attacks or attacks that cause considerable damage would carry a minimum penalty of five years' imprisonment. Exploiting another person's electronic identity to execute an attack, and causing prejudice to the rightful identity owner, would be an aggravating circumstance as well, for which member states must set a maximum penalty of at least three years' imprisonment. European Parliament members also suggest harsher penalties for attacks committed by a criminal organization and/or that target critical infrastructure, but minor cases such as attacks that cause negligible damage will not face criminal sanctions.