UK Act of Parliament 1990 United Kingdom

Computer Misuse Act 1990

What this means for your business

5 obligations

5 penalties

5 can imprison

4 guides

• Enforced by: ICO
• Applies to: United Kingdom
• On this page: 5 compliance obligations, 4 practical guides across 2 topics

Read full text on legislation.gov.uk →

What you must do

5 compliance obligations under this legislation — 5 can result in imprisonment.

Offences and prohibitions 5

Carry out unauthorised act that impairs computer operation

10 years imprisonment

If you knowingly perform an unauthorised act on a computer and either intend, or are reckless, that the act will disrupt the computer’s operation, block access to data or damage data, you can be prosecuted. The offence covers a single act or a series of acts, even if the impairment is only temporary. Conviction can lead to up to ten years’ imprisonment and an unlimited fine.

Any Person s.3 ICO

Carry out unauthorised computer act causing serious damage

life imprisonment

If you—or anyone acting for you—carry out an unauthorised act on a computer that you know is unauthorised and that causes, or creates a significant risk of, serious damage to human welfare, the environment, the economy or national security, you commit a criminal offence. On conviction in the Crown Court you face an unlimited fine and, at the very least, up to 14 years’ imprisonment, or life imprisonment where the damage relates to human welfare or national security.

Any Person s.3ZA ICO

Gain unauthorised access to computer material

2 years imprisonment

If you cause a computer to perform a function with the intention of accessing a program or data you are not authorised to view, and you know that access is unauthorised, you commit an offence. On conviction in the Crown Court you could face up to two years’ imprisonment and an unlimited fine; a magistrates’ court can also impose a fine or a shorter custodial term.

Any Person s.1 ICO

Make, supply or obtain tools for computer misuse

2 years imprisonment

If your business creates, adapts, sells, offers to sell or obtains software or electronic data knowing it will be used to carry out hacking offences under the Computer Misuse Act, you commit a criminal offence. Conviction can lead to up to two years in prison and an unlimited fine. The case can be tried in either a magistrates' court or the Crown Court depending on the seriousness.

Any Person s.3A ICO

Unauthorised computer access with intent to facilitate a crime

5 years imprisonment

If you or someone acting for your business illegally accesses a computer system and does so with the purpose of committing another offence – or helping someone else do so – you can be prosecuted, even if the further offence never happens. The offence is punishable by up to five years’ imprisonment and an unlimited fine when tried in the Crown Court, with lower but still serious penalties if dealt with in a magistrates’ court.

Any Person s.2 ICO

Penalties for non-compliance

5 penalties under this legislation. 5 can result in imprisonment. 5 carry an unlimited fine.

Prison risk

Carry out unauthorised act that impairs computer operation

Unlimited fine and/or 10 years imprisonment

Either way s.3 Penalises: Carry out unauthorised act that impairs computer operation

Prison risk

Carry out unauthorised computer act causing serious damage

Unlimited fine and/or life imprisonment

Indictable only s.3ZA Penalises: Carry out unauthorised computer act causing serious damage

Prison risk

Gain unauthorised access to computer material

Unlimited fine and/or 2 years imprisonment

Either way s.1 Penalises: Gain unauthorised access to computer material

Prison risk

Make, supply or obtain tools for computer misuse

Unlimited fine and/or 2 years imprisonment

Either way s.3A Penalises: Make, supply or obtain tools for computer misuse

Prison risk

Unauthorised computer access with intent to facilitate a crime

Unlimited fine and/or 5 years imprisonment

Either way s.2 Penalises: Unauthorised computer access with intent to facilitate a …

Practical guidance

Our guides explain how to comply with the requirements above.

Tech Sector Compliance Overview

Comprehensive guide to regulatory compliance for technology businesses - UK GDPR, data protection, online safety, cybersecurity, and sector-specific requirements.

Computer Misuse Act Compliance

How to comply with the Computer Misuse Act 1990 when conducting security testing, developing security tools, or running bug bounty …

Respond to a ransomware attack

Emergency response guide for ransomware attacks. Covers immediate containment, recovery options, reporting requirements, and ransom payment decisions. For businesses currently …

Cyber security requirements for UK businesses

How to protect your business from cyber threats and comply with UK cyber security requirements. Includes Cyber Essentials certification, data …

Sections and provisions

21 classified provisions from this legislation.

12 Offences and penalties 4 Definitions

Offences and penalties 12

• s.1 Unauthorised access to computer material. →
• s.2 Unauthorised access with intent to commit or facilitate commission of further offences. →
• s.3A Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA →
• s.3ZA Unauthorised acts causing, or creating risk of, serious damage →
• s.3 Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. →
• s.6 Territorial scope of inchoate offences related to offences under this Act. →
• s.8 Relevance of external law. →
• s.11 Proceedings for offences under section 1. →
• s.12 Conviction of an offence under section 1 in proceedings for an offence under section 2 or 3. →
• s.13 Proceedings in Scotland. →
• s.14 Search warrants for offences under section 1. →
• s.16A Northern Ireland: search warrants for offences under section 1 →

Definitions 4

• s.4 Territorial scope of offences under this Act. →
• s.5 Significant links with domestic jurisdiction. →
• s.10 Savings →
• s.17 Interpretation. →