Portugal has just lately taken a major step ahead for on-line security by updating its cybercrime regulation. This transformation, which was made public within the official Portuguese Journal (Diário da República) on December 4th underneath Decree Legislation No. 125/2025, principally provides cybersecurity researchers and moral hackers (specialists who use their abilities for good) a ‘protected harbour’ from prosecution.
The change was first noticed and publicised by safety skilled Daniel Cuthbert, the World Head of Cyber Safety Analysis for the Santander Group and co-chair of the UK Authorities’s Cyber Safety Advisory Board.
What the New Legislation Means
This new rule is enshrined in Article 8.º-A and titled “Acts not punishable resulting from public curiosity in cybersecurity,” which makes an exception for actions that beforehand might have been thought of unlawful, like unauthorised entry to a pc system or knowledge interception. The aim is to permit specialists to seek out safety holes/vulnerabilities and assist make our laptop programs safer.
Nonetheless, this safety comes with strict guidelines to forestall misuse; the researcher should be performing solely to establish flaws and contribute to higher cybersecurity, with no intention of making a living past their regular skilled pay. Additionally, they’re strictly forbidden from inflicting hurt, akin to disrupting a service or stealing private data.
Moreover, they need to not use aggressive or misleading strategies like Denial-of-Service (DoS) assaults (overwhelming a system to close it down), phishing, password theft, or malware deployment.
The regulation additionally requires researchers to rapidly report their findings to the system’s proprietor, the information safety regulator, and Portugal’s Nationwide Cybersecurity Centre (CNCS). Any knowledge they acquire throughout their work should be saved secret and deleted inside 10 days after the safety gap is mounted.
A Rising Worldwide Pattern
Portugal shouldn’t be alone in recognising the worth of those moral hackers. Different nations need to observe go well with to keep away from shutting out people who find themselves very important to our digital resilience. Within the UK, for instance, Safety Minister Dan Jarvis mentioned on December third that the federal government intends to replace the nation’s Pc Misuse Act.
He defined that the present regulation makes safety specialists really feel restricted of their work and that they need to be welcomed, not constrained. The UK is exploring including a “statutory defence” to defend researchers from authorized bother, supplied they observe sure guidelines.
As we all know it, our digital world depends on discovering and fixing vulnerabilities earlier than criminals exploit them. These authorized modifications replicate a rising understanding that moral hacking is a public-interest exercise that’s key to defending everybody’s on-line safety.
