Portugal cybercrime law safe harbor for security research
Public Sector Action
Summary
Hide ▲
Show ▼
Portugal modified its cybercrime law to create a legal safe harbor for good-faith security research, reducing criminal risk for narrowly scoped vulnerability testing. The new rule applies only when researchers follow strict conditions, including immediate reporting to the system owner and CNCS. It matters because it distinguishes responsible research from punishable hacking and sets clearer limits for lawful cybersecurity work.
Related Happenings
Portugal cybercrime law exemption for security research
Public Sector Action
First: 08.12.2025 13:43
Last: 08.12.2025 13:43
Sources 1
About this happening:
Portugal **updated its cybercrime law** to exempt **cybersecurity researchers and ethical hackers** from prosecution, creating a legal safe harbor for responsible vulnerability wo...
Portugal cybercrime law exemption for security research
Public Sector ActionAbout this happening: Portugal **updated its cybercrime law** to exempt **cybersecurity researchers and ethical hackers** from prosecution, creating a legal safe harbor for responsible vulnerability wo...
Timeline
-
07.12.2025 17:09 2 articles · 5mo ago
Portugal amends cybercrime law to protect good-faith security research
Legal Policy Action UpdatePortugal amended its cybercrime law through new Article 8.o-A, creating a legal exemption for good-faith security research that aims solely to identify vulnerabilities and improve cybersecurity through disclosure. The exemption requires immediate reporting to the system owner, any relevant data controller, and CNCS, and it bars disruptive tactics, unlawful personal-data processing, data alteration, password theft, phishing, DoS or DDoS attacks, and malware deployment.
Show sources
- Portugal updates cybercrime law to exempt security researchers — www.bleepingcomputer.com — 07.12.2025 17:09
- Portugal updates cybercrime law to exempt security researchers — www.bleepingcomputer.com — 07.12.2025 17:09