Educational Information Only
This page provides general educational information about cybersecurity laws and regulations. It does not constitute legal advice, legal interpretation, or a substitute for professional legal counsel. Laws change frequently. Always consult a qualified attorney and verify current requirements directly from official government sources before making compliance decisions. DecipherU is not a law firm and does not provide legal services.
Computer Misuse Act 1990
The Computer Misuse Act is the UK's primary cybersecurity criminal law. It criminalizes unauthorized access to computer material, unauthorized access with intent to commit further offenses, and unauthorized acts that impair computer operation. The Serious Crime Act 2015 added Section 3ZA, which covers unauthorized acts causing serious damage to human welfare, the environment, the economy, or national security.
Quick Reference
Key Requirements
Section 1 (Unauthorized access to computer material)
It is an offense to cause a computer to perform any function with intent to secure unauthorized access to any program or data
Section 3 (Unauthorized acts with intent to impair)
It is an offense to do any unauthorized act in relation to a computer with intent to impair the operation of any computer, prevent or hinder access, or impair the operation of any program or data
Section 3A (Making, supplying, or obtaining articles for use in offenses)
It is an offense to make, adapt, supply, or obtain any article knowing it is designed or adapted for use in committing CMA offenses
How Does CMA 1990 Affect Cybersecurity Careers?
UK-based penetration testers must obtain proper authorization to avoid CMA prosecution. Section 3A affects cybersecurity tool development and distribution. Security researchers in the UK must carefully navigate CMA when conducting vulnerability research and responsible disclosure.
Cybersecurity Roles That Work With CMA 1990
Related Cybersecurity Certifications
Related Cybersecurity Laws
Read the full text of CMA 1990 at the official source: https://www.legislation.gov.uk/ukpga/1990/18/contents
Frequently Asked Questions
What is CMA 1990 in cybersecurity?
The Computer Misuse Act is the UK's primary cybersecurity criminal law. It criminalizes unauthorized access to computer material, unauthorized access with intent to commit further offenses, and unauthorized acts that impair computer operation. The Serious Crime Act 2015 added Section 3ZA, which covers unauthorized acts causing serious damage to human welfare, the environment, the economy, or national security.
How does CMA 1990 affect cybersecurity careers?
UK-based penetration testers must obtain proper authorization to avoid CMA prosecution. Section 3A affects cybersecurity tool development and distribution. Security researchers in the UK must carefully navigate CMA when conducting vulnerability research and responsible disclosure.
What are the penalties for CMA 1990 non-compliance?
Section 1: up to 2 years; Section 3: up to 10 years; Section 3ZA: up to life imprisonment for acts causing damage to national security
Educational Information Only
This page provides general educational information about cybersecurity laws and regulations. It does not constitute legal advice, legal interpretation, or a substitute for professional legal counsel. Laws change frequently. Always consult a qualified attorney and verify current requirements directly from official government sources before making compliance decisions. DecipherU is not a law firm and does not provide legal services.
Sources
Explore Related Cybersecurity Resources
Get cybersecurity career insights delivered weekly
Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.
Get Cybersecurity Career Intelligence
Weekly insights on threats, job trends, and career growth.
Unsubscribe anytime. More options