C Crime Research Computer Crime Research Center

Home / Legislation / United Kingdom

Cybercrime Law in the United Kingdom

Updated June 1, 2026

The UK’s core computer-crime statute is the Computer Misuse Act 1990, supported by fraud, data-protection and investigatory-powers legislation.

Key laws

  • Computer Misuse Act 1990 — the central statute:
    • s1: unauthorized access to computer material
    • s2: unauthorized access with intent to commit further offences
    • s3: unauthorized acts impairing the operation of a computer
    • s3A: making, supplying or obtaining articles for use in offences
  • Fraud Act 2006 — covers fraud by false representation, common in online scams.
  • Data Protection Act 2018 / UK GDPR — data protection and breach obligations.
  • Investigatory Powers Act 2016 — interception and communications data.

Enforcement

The National Crime Agency (NCA) and regional police cybercrime units lead enforcement; the Information Commissioner’s Office (ICO) regulates data protection.

Plain-language overview, not legal advice. Laws change — verify the current statutes and seek qualified advice for any specific matter.