Researchers who uncover security flaws set to get extra protection in Germany with new law

A hacker typing on a MacBook laptop with code on the screen.

(Image credit: Sora Shimazaki / Pexels)

German law may soon be modernized to protect ethical hackers
Stricter punishments for data spying also included
Move follows recent high-profile attacks on European governments

Lawmakers in Germany are drafting legislation to provide legal protections for cybersecurity researchers who uncover and responsibly report security vulnerabilities to vendors.

The proposed legislation will look to modernize Germany’s digital law, ensuring ethical security researchers can be confident in their legal cover, whilst destructive cybercriminals can expect more severe punishments, with stricter penalties for serious cases of data espionage and interception.

“Anyone who wants to close IT security gaps deserves recognition – not a letter from the public prosecutor” said Dr Marco Buschmann, the Federal Minister of Justice.

Ethical hacker protections

Protections for researchers will be provided under a strict set of criteria. Research must be carried out with the aim of identifying a security risk or vulnerability in order to be protected. The researcher must also intend to report the identified vulnerability to a ‘responsible entity capable of addressing the issue’, such as the software manufacturer or system operator.

Finally, the actions taken to access the system must be necessary to identify the vulnerability, which prohibits excessive access outside of security research.

The new punishments will impose stricter penalties, especially on those who target critical infrastructure, such as transport networks or hospitals. This type of attack could soon lead to a prison sentence ranging from three months to five years.

European critical infrastructure has seen a significant rise in cyberattacks in recent years, especially since the Russian invasion of Ukraine. The discovery of security vulnerabilities by cybersecurity researchers can be crucial in protecting these institutions from cyberattacks by discovering and reporting flaws before malicious actors.

Until now, ethical hackers and researchers have often fallen into a legal grey area, where even well-intentioned disclosure could result in criminal prosecution. The move to protect researchers will reduce uncertainty and therefore help improve cybersecurity across the board.

Via BleepingComputer

Take a look at our pick of the best malware removal software around
Organizations are fighting a losing battle against advanced bots
Check out our choices for best free antivirus software

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.