The UK government’s planned cybercrime-law reform would protect very few security researchers from prosecution, according to sources briefed on the proposal. The reported changes to the Computer Misuse Act 1990 would create a statutory defense mainly for scanning internet-facing systems, require researchers to stop once they identify a flaw, and limit eligibility to British nationals with UK Cyber Security Council accreditation—reportedly only about 300 people.
Why it matters: This could leave most bug hunters, academics, and security teams exposed to legal risk for good-faith testing, which may discourage vulnerability discovery and responsible disclosure. Organizations and researchers in the UK should watch the legislation closely because it could shape what defensive testing is legally safe to perform.
2026.05.21
100% relevant
This article appears to be the first concrete reporting on the scope and limits of the UK’s planned Computer Misuse Act reform, adding specific details about who would and would not be protected.
← Back to all stories