UK legislators have proposed changes to the Product Security and Telecommunications Infrastructure (PSTI) Bill that would give cyber security professionals a legal defence for their activities under the Computer Misuse Act (CMA).
The amendment, proposed by a cross-bench group in the House of Lords, will provide cyber security researchers, penetration testers and ethical hackers with a CMA defence for carrying out vulnerability and security research.
This will protect cyber security professionals from being prosecuted for unauthorised access, distinguishing their work from cyber criminal activity.
The CyberUp campaign, which has been advocating for changes to the UK’s cybercrime laws for over 30 years, has argued that, as the current PSTI Bill contains provisions that force manufacturers to implement vulnerability policies, without a defence in the CMA cyber researchers can face legal action if they report a vulnerability and the company chooses to ignore such policies.
If an amendment is introduced, it would mean that cyber security professionals would be given a statutory defence for breaches of the Computer Misuse Act if they reasonably believed the owner of the network consented to research or if a breach was deemed necessary to prevent or detect crime.
At the NEBRC, we work with an innovative team of ethical hackers from Sheffield Hallam and Northumbria Universities to provide affordable and insightful cyber security services for all.
Such changes to current UK legislation would protect our team, who work to identify vulnerabilities within businesses’ networks and offer web application vulnerability assessments and security awareness training for staff.