**Portugal and UK Move to Legalize Ethical Hacking for Security Researchers**
Portugal and the UK are taking steps to protect cybersecurity researchers from legal repercussions for ethical hacking. Last week, Portugal’s parliament passed legislation exempting researchers from prosecution when probing systems to uncover vulnerabilities, while the UK signaled plans to follow suit.
In a speech, UK Security Minister Dan Jarvis criticized the country’s outdated 1990 Computer Misuse Act, arguing it stifles security experts who play a critical role in strengthening digital defenses. Jarvis emphasized that researchers help identify unknown vulnerabilities, making systems more resilient—work that should be encouraged rather than penalized.
The moves reflect a growing recognition that legal barriers can hinder efforts to improve cybersecurity, leaving critical infrastructure exposed. Both countries aim to strike a balance between deterring malicious hacking and enabling legitimate research to bolster national security.
Source: https://www.csoonline.com/article/4104382/security-researchers-given-new-boost.html
TPRM report: https://www.rankiteo.com/company/dcmsgovuk
{
  "id": "dcm1765433387",
  "linkid": "dcmsgovuk",
  "type": "Vulnerability",
  "date": "12/2025",
  "severity": "25",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Public Sector',
'location': 'United Kingdom',
'name': 'United Kingdom Government',
'type': 'Government'},
{'industry': 'Public Sector',
'location': 'Portugal',
'name': 'Portuguese Parliament',
'type': 'Government'}],
'description': 'Portugal has introduced an exemption for cybersecurity '
'researchers from hacking laws, and the UK is considering a '
"similar move. The UK's security minister highlighted the "
'importance of researchers in improving system resilience and '
'criticized the outdated Computer Misuse Act of 1990 for '
'constraining their work.',
'lessons_learned': 'Cybersecurity researchers play a critical role in '
'identifying and mitigating vulnerabilities, and outdated '
'laws may hinder their ability to improve system '
'resilience.',
'post_incident_analysis': {'corrective_actions': 'Update legal frameworks to '
'provide exemptions for '
'cybersecurity research and '
'ethical hacking, '
'encouraging collaboration '
'between researchers and '
'governments.',
'root_causes': 'Outdated cybersecurity laws (e.g., '
"UK's 1990 Computer Misuse Act) may "
'constrain the work of ethical '
'hackers and researchers, limiting '
'their ability to identify and '
'report vulnerabilities.'},
'recommendations': 'Governments should consider updating cybersecurity laws '
'to provide exemptions for ethical hacking and security '
'research to foster collaboration and improve national '
'cybersecurity posture.',
'references': [{'source': 'Speech by British Security Minister Dan Jarvis'},
{'source': 'Portuguese Parliament Act'}],
'title': 'Portugal and UK Consider Legal Exemptions for Cybersecurity '
'Researchers',
'type': 'Policy Change'}