This Order, which extends only to Scotland, brings into force provisions in the Police and Justice Act 2006 (“the 2006 Act”) relating to computer misuse on 1st October 2007.

The European Union Framework Decision on Attacks Against Information Systems, adopted on 24th February 2005 requires the approximation of Member States' criminal law (offences, penalties and jurisdiction) on attacks against information systems (it is available at: http://eur-lex.europa.eu/LexUriServ/site/en/oj/2005/l_069/l_06920050316en00670071.pdf).

The provisions brought into force by this Order give effect to the Framework Decision by amending the Computer Misuse Act 1990 (“the 1990 Act”).

Section 35 of the 2006 Act amends section 1 of the 1990 Act (offence of unauthorised access to computer material) which deals with the unauthorised access to computer systems or data, commonly known as “hacking” or “cracking”. The offence has been made indictable, and the maximum sentence is increased from six months imprisonment to two years.

Section 36 of the 2006 Act substitutes a new section 3 in the 1990 Act to deal with unauthorised acts with intent to impair, or recklessness as to impairing, the operation of a computer, etc. The maximum penalty for an offence has been increased from five years' imprisonment and/or a fine to ten years' imprisonment and/or an unlimited fine.

Section 37 inserts a new section 3A into the 1990 Act and creates three new offences, each punishable on conviction on indictment with a maximum of two years' imprisonment, or a fine or both.

Section 38 makes transitional and saving arrangements for the 1990 Act so as to provide that the amendments do not apply in relation to offences committed before the coming into force of the amendments or acts done before that time.

Section 52 gives effect to Schedules 14 and 15 which make minor and technical amendments to the 1990 Act and repeal certain provisions.