The UK government has formally pledged to rewrite the 35-year-old Computer Misuse Act (CMA) to shield cybersecurity professionals from potential prosecution for legitimate threat research.
Security minister Dan Jarvis confirmed the commitment on 3rd December at the Financial Times Cyber Resilience Summit 2025, announcing that individuals who responsibly identify and disclose vulnerabilities will be protected from legal repercussions.
“We’ve heard the criticisms about the Computer Misuse Act, and how it can leave many cyber security experts feeling constrained in the activity that they can undertake,” Jarvis told attendees.
Read the rest of the story at computing.
