Cybercrime Legislative Developments In Ireland

Author:Mr Pearse Ryan, Tom Browne and Sarah McDermott
Profession:Arthur Cox


On 15 January 2016 the Government introduced the long awaited Criminal Justice (Offences Relating to Information Systems) Bill 2016. The purpose of the Bill is to give effect to the provisions of Directive 2013/40/EU of 12 August 2013 on attacks against information systems (the deadline for transposition of which was August 2015).

Currently, the law on cybercrime in Ireland is contained across a number of legislative acts, namely the Criminal Damage Act, 1991 (the "1991 Act"), the Criminal Justice (Theft and Fraud Offences) Act, 2001 (the "2001 Act"), and the Criminal Justice Act 2011 (the "2011 Act"). Apart from the 2011 Act, which was introduced for particular purposes in support of An Garda Síochána (the national police force) investigations, the substantive law in Ireland, set out in the 1991 Act and 2001 Act is elderly, contains notable omissions and is seldom used as the basis for prosecution. The substantive law has been discussed previously.1

The 2011 Act was introduced primarily to facilitate Garda access to information and documentation in the course of an investigation. While it is an effective piece of legislation (which is the subject of previous discussion2) it is largely procedural in nature. Consequently, it has been fifteen years since legislation was enacted which addressed cybercrime specifically, or any substantive offences in the area were introduced. In the context of the technological developments of the last 15 years, the Bill is necessary to update the law in the area and aims to offer greater protection to modern information and communication systems.

This article sets out a brief summary of the more noteworthy provisions of the Bill. Subsequent articles will discuss the substantive provisions of the ultimate Act, including any noteworthy changes to the text of the Bill. We discuss the status of the Bill below.


The Bill removes cybercrime entirely from the remit of the 1991 Act, amending the 1991 Act to remove all references to data and cybercrime offences. The Bill also introduces a new definition of data, replicating the definition set out in the Directive. Data is defined as any representation of facts, information or concepts in a form capable of being processed in an information system, and includes a programme capable of causing an information system to perform a function"

Currently, cybercrime offences in Ireland centre on actions involving a 'computer', which is undefined in the...

To continue reading