UK to sign up to EU directive on cyber crime

The UK is to sign up to the proposed EU directive on attacks against information systems under government plans to tackle cyber crime and improve defences against terrorist-inspired cyber attacks.

But a statement of British intent in the Commons from Home Affairs Minister James Brokenshire came under immediate attack from Tory eurosceptic MPs.

Brokenshire said the directive would "ensure that there is a basic set of agreed minimum rules in relation to online crimes and penalties across the EU".

He said member states would have to respond quickly to requests from other members for assistance on cyber-crime cases and "it will mean that cyber criminals will not be able to hide in European countries that do not have as well developed laws against cybercrime as we do".

He added: "The directive also seeks to address the threat from large-scale attacks on information systems by ensuring that member states have adequate legislation to allow the prosecution and punishment of those organising, committing or supporting large-scale attacks."

The announcement received a guarded welcome from most MPs, with Labour shadow home affairs minister Diana Johnson agreeing there was a growing threat of large-scale simultaneous attacks against information systems and a need for a consistent international approach, but she criticised the government for failing to opt in sooner so as to wield greater influence over its scope.

Criticism was led by Commons EU Scrutiny Committee chairman William Cash, who complained the government had failed to observe "due process" and warn his committee, which was already considering the issue.

He was joined by Tory MP James Clappison who complained the directive involved changing UK law and creating new criminal offences without a prior debate in parliament.

But another Tory, Lorraine Fullbrook, said it was "not about sovereignty, but about practical co-operation that is vital to our national interests".

Brokenshire insisted the opt-in decision had been made "in time" and the UK's position on details had not been compromised because the final version of the directive, which was "not perfect", had still to be agreed.

He said the government is considering how to spend the £650m set aside for the national cyber security programme.