Thursday 15 August 2013

New directive on attacks against information systems

The new directive against attacks on information systems was published in the Official Journal yesterday.

Not much of the content seems particularly new, especially in terms of the law in the UK at the moment.

The only area where I see some potential challenges, and the potential need for a sensible discussion between member states and industry, relates to Article 7 of the directive, “tools used for committing offences.”

The drafting has clearly attempted to delineate that difficult boundary between a “hacking tool” and a tool which is useful for testing the security of a network or computer system – which, in all likelihood, is the same software – and, to ensure that businesses and individuals remain able to test the security of their own infrastructure, implementing legislation must tread a fine line to ensure that this distinction is recognised.