The Law dated July 18th 2014 ("the Law") was published in the Official Gazette on July 25th 2014 (Mémorial A n°133 p. 2134) and republished with appended Convention on Cybercrime signed in Budapest on November 23rd 2001 ("the Convention") in the Official Gazette on August 12th 2014 (Mémorial A n°157 p. 2406).

The Convention is the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and interception. The Convention was open for signature by the member States of the Council of Europe and by non-member States which have participated in its elaboration in Budapest, on November 23rd 2001.

Its main objective is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international co- operation.

The Law addresses the threat against computer systems by:

  • amending the existing provisions of the Criminal Code (recognition of phishing, inclusion of electronic keys in the list of items that can be used by perpetrators of racket, theft or breach of trust, and increase of the fine relating to the forgery of electronic keys);
  • adding new offences (interception of computer data, misuse of devices, and misuse of electronic signature).

The Law has an impact on AML legislation as it broadens the scope of the primary offences which will include child pornography, illegal access, interception or interference into a computer system, and certain related provisions of the law on electronic trade and the law on data protection.

Procedural tools are provided for by the Law, like expedited preservation of stored computer data (including traffic data), production order, search and seizure of stored computer data, real time collection of computer data or traffic data, interception of content data, and a 24/7 technical assistance network among others.

Cyber risk increasingly presents a major risk to the economic environment, regardless of industry.

In the context of M&A, dealmakers (whether buyer or seller) should seriously consider this threat on cyber security. They should therefore implement an appropriate due diligence. Criminals, hacktivists, competitors or even States are among the concerns to take into consideration when an M&A deal is contemplated. Data-driven businesses should be assessed from this point of view, and the evaluation of cyber risk should be performed in the same way as any other risk affecting the value of a target company.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.