사이버·기술법
사이버 범죄, 온라인 안전, AI 규제, 전자상거래 및 디지털 증거.
소개
Cyber and technology law is a rapidly evolving area covering cybercrime (Computer Misuse Act 1990), online safety (Online Safety Act 2023), electronic commerce, digital evidence, artificial intelligence, and the regulation of emerging technologies. The Computer Misuse Act 1990 remains the principal statute criminalising hacking, malware, and DDoS attacks. The Online Safety Act 2023 imposes duties on internet platforms to protect users from illegal content and (for large platforms) content that is harmful to children. The UK Government's approach to AI regulation is currently principles-based rather than legislation-driven, though sector-specific regulators are developing AI frameworks.
In Brief
Accessing a computer without authorisation is a criminal offence under s.1 Computer Misuse Act 1990 (up to 2 years); causing unauthorised impairment (including deploying malware or DDoS attacks) is an offence under s.3 (up to 10 years). The Online Safety Act 2023 requires platforms to remove illegal content and protect children, with Ofcom as regulator and fines of up to 10% of worldwide revenue. The Investigatory Powers Act 2016 governs lawful surveillance with 'double-lock' judicial authorisation.
핵심 원칙
Computer Misuse — The Computer Misuse Act 1990 creates three tiers of offence: unauthorised access (s.1), unauthorised access with intent to commit further offences (s.2), and unauthorised acts with intent to impair or with recklessness (s.3). Section 3ZA covers acts causing serious damage (max: life imprisonment).
Online Safety — The Online Safety Act 2023 imposes duties of care on user-to-user services and search services. Platforms must take steps to remove illegal content, protect children from harmful content, and provide transparency reports. Ofcom is the regulator.
Electronic Evidence — Digital evidence in court proceedings is governed by the Police and Criminal Evidence Act 1984 (s.69, now repealed), the Civil Evidence Act 1995, and case law on authenticity and admissibility.
E-Commerce — The Electronic Commerce (EC Directive) Regulations 2002 and the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 govern online transactions, including the 14-day cooling-off period for distance sales.
AI Regulation — The UK approach is sector-specific and principles-based. The Government's AI White Paper (2023) proposed five principles: safety, transparency, fairness, accountability, and contestability. Sector regulators (FCA, Ofcom, CMA, ICO) are developing guidance.
Deepfakes and Intimate Images — The Online Safety Act 2023 criminalises the sharing of intimate images without consent (including deepfakes). The Criminal Justice Bill (if enacted) will create a specific offence of creating sexually explicit deepfakes.
Encryption and Investigatory Powers — The Investigatory Powers Act 2016 provides for the interception of communications and requires telecommunications operators to maintain the ability to remove encryption when served with a technical capability notice.
Blockchain and Crypto — Crypto-assets are regulated by the FCA for anti-money laundering purposes. The Law Commission has recommended treating crypto-tokens as a distinct category of personal property.
핵심 법령
주요 판례
R v Gold and Schifreen
[1988] AC 1063
일반적인 시나리오
Employee hacks into colleague's email
Unauthorised access to another person's email account is an offence under s.1 Computer Misuse Act 1990, punishable by up to 2 years' imprisonment. If the access is used to commit a further offence (e.g., fraud, blackmail), it falls under s.2 with a maximum of 5 years.
Social media platform fails to remove harmful content
Under the Online Safety Act 2023, platforms have a duty to remove illegal content and protect children. Ofcom can issue enforcement notices, impose fines of up to £18 million or 10% of worldwide revenue (whichever is greater), and in extreme cases, require ISPs to block access to the service in the UK.
Related Careers
Frequently Asked Questions
Is hacking illegal even if you only look at the data?
Yes — under s.1 of the Computer Misuse Act 1990, accessing a computer without authorisation (even just viewing data, not deleting or altering it) is a criminal offence carrying up to 2 years' imprisonment. The key issue is authorisation: using someone else's password, exploiting a vulnerability, or accessing files you are not permitted to see all constitute unauthorised access.
What is the Computer Misuse Act and what does it criminalise?
The Computer Misuse Act 1990 creates three main offences: s.1 (unauthorised access to a computer — up to 2 years), s.2 (unauthorised access with intent to commit a further offence — up to 5 years), and s.3 (unauthorised acts with intent to impair or with recklessness, including DDoS attacks and deploying malware — up to 10 years). S.3ZA covers acts causing serious damage to human welfare, national security, or the economy, with a maximum of life imprisonment.
What are the duties of online platforms under the Online Safety Act 2023?
User-to-user platforms and search engines must: conduct risk assessments for illegal content and (for services likely accessed by children) content harmful to children; implement safety measures to address identified risks; provide user reporting and redress mechanisms; and publish transparency reports. Category 1 services (very large platforms) have additional duties around user empowerment and verification. Ofcom regulates compliance.
Can I be prosecuted for sharing someone else's passwords?
Sharing credentials to give someone else unauthorised access to a computer system could expose you to liability under s.1 Computer Misuse Act 1990. Commercially, sharing subscription passwords (e.g. streaming services) may breach terms of service but the CMA does not typically prosecute individuals for simple password sharing. The position may change as platforms implement more stringent enforcement.
Important Deadlines
Typical Costs
Official Resources
What To Do Next
Step-by-Step Guides
Know Your Rights
Common Scenarios
Get Professional Help