Open consultation Computer Misuse Act 1990: Call for information

Consultation description

This paper sets out the call for information on the Computer Misuse Act 1990. The consultation is aimed at UK organisations including:

  • academia
  • business
  • law enforcement agencies
  • the cybersecurity industry
  • private sector

Since the Act was passed 30 years ago, our reliance on the digital world has increased enormously and we are now critically dependent on the internet. The call’s aim is to identify whether there is activity causing harm in the area covered by the Act that is not adequately addressed by the current offences.



Q1. How would you describe the understanding that your organisation/business has of the Computer Misuse Act?

Q2. How does your organisation use the CMA, or how is it affected by it?


Q3. Do the offences set out in the CMA adequately cover cyber-dependent harms?

Q4. Are there any gaps in the legislation, and if so, what are they?

Q5. What are the potential future areas where the CMA may not adequately cover the harms?

Q6. What changes could we make now to meet those challenges?


Q7. Do the protections in the CMA for legitimate cyber security activity provide adequate cover?

Q7b. If not, what changes would you wish to see made?

Q9. What risks do you see from any changes to protections?


Q10. Do you believe that law enforcement agencies have adequate powers to tackle cybercrime?

Q11. Do you think the CMA should include any new powers (such as providing law enforcement agencies with powers to seize domain and IP seizure from criminals or criminalising data commoditisation)?


Q12. Does the CMA provide adequate criminalisation of offences under the Act carried out against the UK from overseas?

Q12b. If not, what changes would you like to see made?


Q13. Do you believe that the sentences relating to the offences in the CMA are adequate?

Q13b. If not, how would you see sentencing guidelines changed in proportion to the harms these offences cause?


Q14. Are there any other areas where you believe improvements to legislation could be made to enhance our response to cyber-dependent threats?

Q15. Are there are opportunities for improvements to the UK response to the threat from criminals operating online now we have greater flexibility to set our own laws outside of the European Union’?

International best practice

Q16. Are there examples of legislation in other countries that the UK should consider?

Q17. If so, how has this legislation empowered governments to better investigate and prosecute cyber-dependent crimes?

1 Like

Hey @robdyke could you share a link for the CMA itself? I’d also be curious to hear, given your recent experiences, your thoughts on this - Any pointers for folks who are considering responding?

Here’s something from The Law Society

1 Like

1 Like

The Computer Misuse Act 1990 to support vulnerability research? Proposal for a defence for hacking as a strategy in the fight against cybercrime.

The Computer Misuse Act in 2020

Computer Misuse Act - The Code for Crown Prosecutors

Computer Misuse Act 1990 cases

A comparison of the UK Computer Misuse Act (1990) with other European Computer Misuse Act, and the Singapore Act of 1993, and a discussion on how realistic such legislation is in practical use.

@caseyjohnellis here is the full CMA, ready for fixen


1 Like

BTW, Representative groups are asked to give a summary of the people and organisations they represent when they respond…

1 Like