Portugal Updates Cybercrime Law to Exempt Security Researchers
Summary
Portugal has amended its cybercrime law to provide legal protection for good-faith security research. The new provisions in Article 8.o-A, titled "Acts not punishable due to public interest in cybersecurity," exempt security researchers from criminal liability under strict conditions. These conditions include the purpose of identifying vulnerabilities, not seeking economic benefit beyond professional compensation, immediate reporting, and adhering to ethical research practices. The law also specifies prohibited techniques and data handling requirements. This update aligns Portugal with similar legal frameworks in Germany and the U.S., recognizing the importance of security research in improving cybersecurity. Additionally, the UK is exploring similar legal protections for ethical hackers under the Computer Misuse Act.
Timeline
07.12.2025 17:09 · 2 articles
Portugal Amends Cybercrime Law to Protect Security Researchers
Portugal has updated its cybercrime law to include a legal safe harbor for good-faith security research. The new provisions in Article 8.o-A outline strict conditions for researchers to be exempt from criminal liability, including immediate vulnerability reporting, adherence to ethical practices, and prohibition of certain techniques. This aligns with similar legal frameworks in Germany and the U.S., emphasizing the importance of security research in improving cybersecurity.
Sources:
- Portugal updates cybercrime law to exempt security researchers — www.bleepingcomputer.com — 07.12.2025 17:09
- Portugal Revises Cybercrime Law to Protect Security Researchers — www.infosecurity-magazine.com — 08.12.2025 13:43
Information Snippets
Portugal's new Article 8.o-A exempts security researchers from criminal liability for good-faith vulnerability research.
First reported: 07.12.2025 17:09 · 2 sources, 2 articles. Sources:
- Portugal updates cybercrime law to exempt security researchers — www.bleepingcomputer.com — 07.12.2025 17:09
- Portugal Revises Cybercrime Law to Protect Security Researchers — www.infosecurity-magazine.com — 08.12.2025 13:43
Researchers must report vulnerabilities to system owners, data controllers, and the CNCS immediately.
First reported: 07.12.2025 17:09 · 2 sources, 2 articles. Sources:
- Portugal updates cybercrime law to exempt security researchers — www.bleepingcomputer.com — 07.12.2025 17:09
- Portugal Revises Cybercrime Law to Protect Security Researchers — www.infosecurity-magazine.com — 08.12.2025 13:43
Prohibited techniques include DoS/DDoS attacks, social engineering, phishing, password theft, data alteration, system damage, and malware deployment.
First reported: 07.12.2025 17:09 · 2 sources, 2 articles. Sources:
- Portugal updates cybercrime law to exempt security researchers — www.bleepingcomputer.com — 07.12.2025 17:09
- Portugal Revises Cybercrime Law to Protect Security Researchers — www.infosecurity-magazine.com — 08.12.2025 13:43
Any data obtained during research must be deleted within 10 days of the vulnerability being fixed.
First reported: 07.12.2025 17:09 · 2 sources, 2 articles. Sources:
- Portugal updates cybercrime law to exempt security researchers — www.bleepingcomputer.com — 07.12.2025 17:09
- Portugal Revises Cybercrime Law to Protect Security Researchers — www.infosecurity-magazine.com — 08.12.2025 13:43
Germany and the U.S. have introduced similar legal protections for security researchers in recent years.
First reported: 07.12.2025 17:09 · 2 sources, 2 articles. Sources:
- Portugal updates cybercrime law to exempt security researchers — www.bleepingcomputer.com — 07.12.2025 17:09
- Portugal Revises Cybercrime Law to Protect Security Researchers — www.infosecurity-magazine.com — 08.12.2025 13:43
The UK government is exploring a statutory defense for ethical hackers under the Computer Misuse Act.
First reported: 08.12.2025 13:43 · 1 source, 1 article. Sources:
- Portugal Revises Cybercrime Law to Protect Security Researchers — www.infosecurity-magazine.com — 08.12.2025 13:43
Similar Happenings
UK Introduces Cyber Security and Resilience Bill to Strengthen National Defenses
The UK government has introduced the Cyber Security and Resilience Bill, aiming to upgrade the 2018 NIS Regulations and bolster national cyber defenses. The bill proposes stricter security requirements for essential services, expanded incident reporting, and enhanced regulatory powers. It also includes new regulations for managed service providers and critical suppliers, with tougher penalties for serious offenses. The legislation follows multiple high-profile breaches and aims to address growing cyber threats, including those from AI and unsupported equipment. The bill aims to address annual damages of nearly £15 billion ($19.6 billion) from cyberattacks, with the average significant cyberattack costing over £190,000, totaling roughly £14.7 billion each year. The National Cyber Security Centre (NCSC) reported a 130% increase in "nationally significant" cyber incidents in 2025 compared to 2024. The Technology Secretary will have the authority to direct regulators and organizations to take actions when national security is threatened. Additionally, the House of Commons Business and Trade Committee has called for legislation to mandate the Software Security Code of Practice and proposed tax relief for businesses investing in cybersecurity measures. The Committee's report argues for making software developers liable for avoidable vulnerabilities and introducing mandatory cyber-incident reporting to build a clearer national threat picture.
Europol Conference Highlights Data Access Challenges in Cybercrime Investigations
Europol's 4th Annual Cybercrime Conference 2025 convened in The Hague, focusing on the critical challenge of balancing data access for investigations with privacy and digital rights. The event underscored the need for stronger data laws and international cooperation to combat cybercrime. The conference, attended by 500 participants, emphasized the rapid exploitation of encryption and anonymization technologies by criminals, outpacing regulatory and law enforcement adaptations. Key themes included the need for updated laws, improved cross-border data sharing, and enhanced cyber diplomacy. The event also highlighted successful operations like Operation Eastwood and Operation Ratatouille, demonstrating the impact of coordinated efforts in disrupting cybercrime activities.
UK Government Withdraws Apple Encryption Backdoor Mandate
The U.K. government has withdrawn its mandate requiring Apple to implement a backdoor for accessing encrypted user data. This decision follows pressure from U.S. civil liberties advocates and Apple's previous deactivation of Advanced Data Protection (ADP) for iCloud in the U.K. The U.K. had initially issued a technical capability notice under the Investigatory Powers Act, demanding access to end-to-end encrypted cloud data. The U.S. Director of National Intelligence confirmed the U.K.'s decision, emphasizing the protection of American citizens' civil liberties. Apple had previously stated its commitment to not building backdoors or master keys for its products. The U.K. had aimed to enable blanket access to encrypted data, including for users outside the country. Critics have argued that such access could be exploited by cybercriminals and authoritarian governments. Apple had appealed the legality of the order, and Google and Meta have denied receiving similar requests from the U.K.