PurposeU.K.
4.—(1) The purpose of the regulations contained in this instrument that are made under section 1 of the Act is to further the prevention of relevant cyber activity.
(2) For the purpose of paragraph (1), “relevant cyber activity” means an activity falling within paragraph (3) which—
(a)undermines, or is intended to undermine, the integrity, prosperity or security of the United Kingdom or a country M1 other than the United Kingdom,
(b)directly or indirectly causes, or is intended to cause, economic loss to, or prejudice to the commercial interests of, those affected by the activity,
(c)undermines, or is intended to undermine, the independence or effective functioning of—
(i)an international organisation, or
(ii)a non-governmental organisation or forum whose mandate or purposes relate to the governance of international sport or the Internet, or
(d)otherwise affects a significant number of persons in an indiscriminate manner.
(3) The following activity falls within this paragraph—
(a)accessing, or attempting to access, an information system,
(b)carrying out, or attempting to carry out, information system interference, or
(c)carrying out, or attempting to carry out, data interference, except where—
(i)the owner or other right holder of the information system or part of it has consented to such action,
(ii)there is a lawful defence to such action, or
(iii)such action is otherwise permitted under the law of the United Kingdom.
(4) For the purpose of paragraphs (2) and (3)—
“data interference”, in relation to digital data on an information system, means—
deleting, damaging, deteriorating, altering or suppressing that data,
rendering that data inaccessible, or
stealing that data or otherwise stealing funds, economic resources or intellectual property related to such data;
“information system” includes—
a device or group of interconnected or related devices, one or more of which, pursuant to a programme, automatically processes digital data;
digital data stored, processed, retrieved or transmitted by such a device or group of devices for the purposes of its or their operation, use, protection or maintenance;
“information system interference” means hindering or interrupting the functioning of an information system by—
inputting digital data,
transmitting, damaging, deleting, deteriorating, altering or suppressing such data, or
rendering such data inaccessible;
“integrity”, in respect of a country (whether the United Kingdom or a country other than the United Kingdom), includes—
the exercise of governmental functions of that country;
the exercise of parliamentary functions in that country;
the functioning of bodies, organisations or institutions involved in public elections or the voting process;
the operation of the criminal or civil justice system in that country;
the provision of essential services to the population, including banking, education, energy, healthcare, sewerage, transport or water;
the operation of critical national infrastructure;
“international organisation” means an organisation and its subordinate bodies governed by international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
“prosperity”, in respect of a country (whether the United Kingdom or a country other than the United Kingdom), includes the effective functioning of the economy, or part of it, of that country.
Commencement Information
I1Reg. 4 not in force at made date, see reg. 1(2)
I2Reg. 4 in force at 14.12.2020 by S.I. 2020/1514, reg. 6(1)
Marginal Citations
M1Section 62(1) of the Sanctions and Anti-Money Laundering Act 2018 defines a “country” as including any territory, region or other place.