Cybercrime Law in Europe (EU & Council of Europe)
Europe combines a foundational international treaty with EU-wide directives and regulations.
Key instruments
- Budapest Convention on Cybercrime (Council of Europe, 2001) — the first international treaty on cybercrime; widely ratified beyond Europe. (Note: a Council of Europe instrument, not an EU law, but foundational across the region.)
- Directive 2013/40/EU on attacks against information systems — harmonizes the criminal offences of illegal access, system interference and data interference across EU member states.
- GDPR (Regulation (EU) 2016/679) — data protection and breach notification.
- NIS2 Directive (Directive (EU) 2022/2555) — cybersecurity obligations for essential and important entities.
How it fits together
EU directives must be transposed into each member state’s national law, so the exact offences and penalties vary by country. Europol’s European Cybercrime Centre (EC3) coordinates cross-border investigations.
Plain-language overview, not legal advice. Verify the current consolidated texts and national transpositions for any specific question.