Directive 2013/40/EU of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA

The EU cybercrime directive aims to approximate the criminal law of the member states in the area of attacks against information systems by establishing minimum rules concerning the definition of criminal offences and the relevant sanctions and to improve cooperation between competent authorities, including the police and other specialised law enforcement services of the member states, as well as the competent specialised EU agencies and bodies such as Eurojust, Europol and its European Cybercrime Centre, and the European Network and Information Security Agency (ENISA). The directive builds on the provisions of the Council framework decision 2005/222/JHA that it replaces by enlarging the current scope of criminalization, increasing the level of penalties and providing for a reinforced framework for cooperation between competent authorities.