Legal base	Article 83(1) TFEU; co-decision; QMV
Document originated	30 September 2010
Deposited in Parliament	5 October 2010
Department	Home Office
Basis of consideration	Minister's letter of 1 April 2011
Previous Committee Report	HC 428-xvi (2010-11), chapter 3 (9 February 2011); HC 428-vi (2010-11), chapter 6 (3 November 2010)
To be discussed in Council	11-12 April 2011
Committee's assessment	Legally and politically important
Committee's decision	Not cleared; further information requested

Background and previous scrutiny

5.1  The draft Directive would repeal a 2005 Framework Decision which required Member States to criminalise unauthorised access to, or interference with, information systems and computer data, while retaining most of its core provisions and introducing some new elements to strengthen Member States' capacity to prevent and prosecute large-scale attacks against information systems. The Commission believes that additional EU measures are needed to take account of the emergence of new and more sophisticated tools which have the potential to infect critical governmental and private sector information infrastructure and cause significant damage.

5.2  The UK is bound by the 2005 Framework Decision and the offences and penalties it prescribes are reflected in the Computer Misuse Act 1990. The draft Directive is subject to the UK's opt-in. The purpose and content of the draft Directive, and the Government's views on it, are set out in our Sixth Report of 3 November 2010. The Parliamentary Under-Secretary of State for Crime Prevention (James Brokenshire) told us in his Explanatory Memorandum of 13 October 2010 that significant new legislation would not be needed to implement the draft Directive in the UK. However, some changes were likely to be required in the following areas, although the need for and extent of any change would depend on the outcome of negotiations:

• criminalising the creation, possession and distribution of tools or devices for the purpose of illegal interception of information systems;
• increasing the level of some criminal penalties; and
• extending the basis for exercising criminal jurisdiction.

5.3  The Minister informed us by a letter dated 31 January 2011 that the Government had decided to opt into the draft Directive but that he would ensure that concerns we had raised in our Report of 3 November would be reflected in the UK's negotiating mandate. Our principal concerns were that:

• the definition of criminal offences lacked clarity and legal certainty; and
• the draft Directive would extend the basis for exercising criminal jurisdiction in the UK.

5.4  We considered that the draft Directive, unless amended in the course of negotiations, would require some change to existing criminal law in the UK and therefore recommended that the Government's decision to opt in should be debated in European Committee B, while retaining the proposal under scrutiny. That debate has not yet taken place.

The Minister's letter of 1 April 2011

5.5  The Minister informs us of the Presidency's intention to seek "full agreement" of the draft Directive at the Justice and Home Affairs Council on 11-12 April, and adds, "We did not seek this approach, and do not support it." He continues:

"We do not have the final text that will go to the JHA Council, and indeed there will be meetings over the course of the next week to resolve the outstanding issues on the Articles, meaning we will see several versions before the final package is known. However, on the basis of the initial text, your Committee questioned whether the wording in Articles 3, 4 and 5 on 'cases which are not minor' was clear enough, especially when the Directive is subject to the jurisdiction of the European Court of Justice. We agree with the point made by your Committee, and have raised this point during negotiations. While most Member States do not wish to have the text removed, we now have a recital which provides that Member States determine what constitutes a minor case in accordance with national law and practice. We support such an approach as the decision about whether to prosecute in a particular case can then still be left to prosecutorial discretion."

5.6  The Minister says that the Presidency has proposed leaving it to each Member State to determine whether it wishes to exercise criminal jurisdiction on the basis of the offender's habitual residence, but adds that the Government continues to argue against the inclusion of nationality as a mandatory ground for establishing jurisdiction.

5.7  The Minister also highlights the following issues:

• a need for greater clarity on the mens rea (guilty intent) required for the offences contained in the draft Directive; and
• lack of agreement on the definition of "aggravating circumstances" and, in particular, whether these should include "the misuse of identity data" to commit an offence, as well as the level of penalties that should apply in such circumstances.

5.8  The Minister says that the Presidency and most Member States would like to amend the proposed definition of the offence of illegal access to an information system by introducing a new requirement that a security measure must also have been breached. He adds:

"Whilst our preference was for the text to be more ambitious in requiring Member States to have in their law an offence for illegal access to a computer system without such a condition, we propose to support this approach."

5.9  The Minister concludes:

"I recognise that the Directive as a whole remains under scrutiny in your Committee, with a debate planned for May in the European Standing Committee. However, if the Presidency pushes for a deal which reflects the UK position as above I would seek your clearance to participate in an agreement on the Presidency package. In the meantime we have alerted the Presidency to the ongoing scrutiny position and will keep you informed of developments."

Conclusion

5.10  We think that the haste with which the Presidency is pressing for full agreement at the April Justice and Home Affairs Council perfectly illustrates the dangers inherent in a legislative procedure which lacks transparency and openness. Although we are told that a political agreement on this important proposal is imminent, the Government has yet to see the final text that will provide the basis for that agreement. It is evident that some fundamental issues, for example, the degree of criminal intent required, the definition of aggravating circumstances, the level of criminal penalties to be applied, and the basis for exercising criminal jurisdiction, remain unresolved.

5.11  Whilst the Minister tells us that the Government does not agree with, or support, the Presidency's approach, he nevertheless asks us to waive the scrutiny reserve if the Government considers the eventual deal put on the table by the Presidency to be acceptable. We are not willing to endorse such an approach and consider that it would be inconsistent with our mandate as a scrutiny committee to do so. In light of the number of outstanding issues, and the continuing uncertainty as to how these will be dealt with by the Presidency, we have no hesitation in concluding that an agreement at this stage would be premature and ill-considered. The draft Directive therefore remains under scrutiny and we ask that the Minister seek to delay political agreement to allow the necessary time for Member States and national parliaments to consider what is a significant legislative proposal. Moreover if, despite the Government's best efforts, the Presidency is unwilling to delay political agreement, we consider that the UK should be prepared to pull the "emergency brake" provided for in Article 85(3) TFEU in order to ensure that there is sufficient time available to resolve the key outstanding issues.

5.12  We also draw the draft Directive to the attention of the Public Administration Select Committee in light of its inquiry into the Government's overall strategy for information technology.