Summary
The Computer Misuse Act 1990 is the principal statute criminalising hacking and cybercrime in England & Wales. It creates three core offences: unauthorised access to computer material, unauthorised access with intent to commit further offences, and unauthorised acts with intent to impair the operation of a computer. It was substantially amended by the Serious Crime Act 2015 to address modern cybercrime threats.
Key Points
- Section 1: unauthorised access to computer material (basic hacking) — max 2 years' imprisonment
- Section 2: unauthorised access with intent to commit or facilitate further offences — max 5 years
- Section 3: unauthorised acts with intent to impair, or with recklessness as to impairing, the operation of a computer (includes DDoS attacks, deploying malware) — max 10 years
- Section 3ZA: unauthorised acts causing or creating risk of serious damage (e.g., threats to national security, human welfare, the environment) — max life imprisonment
- Section 3A: making, supplying, or obtaining articles for use in offences under ss.1-3 (hacking tools)
- Extraterritorial jurisdiction — offences may be prosecuted in the UK if there is a significant link to England & Wales (s.4-9)
Parts & Sections
Amendments History
2006 — Police and Justice Act 2006
Amended s.3 and introduced s.3A (making/supplying hacking tools).
2015 — Serious Crime Act 2015
Introduced s.3ZA for unauthorised acts causing serious damage, with maximum life sentence.