Portugal has updated its cybercrime legislation to protect security researchers acting in good faith, under strict conditions, from criminal liability. This development aligns with similar protections introduced by Germany and the US, promoting responsible vulnerability disclosure. #PortugalCyberlaw #SecurityResearch #LegalSafeHarbor
Keypoints
- Portugalβs new law provides legal immunity for good-faith cybersecurity research conducted under strict conditions.
- The law requires researchers to report vulnerabilities immediately to system owners and authorities.
- Actions must be limited to necessary vulnerability detection without causing harm or service disruption.
- Prohibited techniques such as DDoS, phishing, or malware deployment are explicitly banned under the new law.
- Similar legal protections for security research are also being adopted by Germany and the US.