Security Minister: Government looking at creating ‘statutory defence’ for Computer Misuse Act

3 Dec

On Wednesday 3rd December, Security Minister Dan Jarivs MP announced that the Government is looking at a “legal change” to the Computer Misuse Act to “create a ‘statutory defence’ for … researchers to spot and share vulnerabilities”.

Speaking at the FT Cyber Resilience Summit 2025, the Security Minister outlined that this would “protect [researchers] from prosecution, as long as they meet certain safeguards.”

The campaign has long been calling for such a defence to be introduced, and this announcement therefore represents a significant breakthrough after many years of campaigning.

Commenting on the news, a spokesperson from the CyberUp Campaign said:

“This announcement is a major breakthrough for the UK’s cyber sector. It sends a clear signal that Government understands the importance of enabling security researchers to operate without fear of prosecution for legitimate work. This is the most significant movement on Computer Misuse Act reform in decades, and we look forward to working with the Home Office to ensure the final legislation is robust, future-proof, and provides sufficient protections for both vulnerability and threat intelligence researchers.”

Daniel Laing

Security Minister: Government looking at creating ‘statutory defence’ for Computer Misuse Act

On Wednesday 3rd December, Security Minister Dan Jarivs MP announced that the Government is looking at a “legal change” to the Computer Misuse Act to “create a ‘statutory defence’ for … researchers to spot and share vulnerabilities”.

Campaign responds to the presentation of landmark Cyber Security and Resilience Bill

To learn more about the Campaign