Portugal and UK Move to Legalize Ethical Hacking for Security Researchers Portugal and the UK are taking steps to protect cybersecurity researchers from legal repercussions for ethical hacking. Last week, Portugal’s parliament passed legislation exempting researchers from prosecution when probing systems to uncover vulnerabilities, while the UK signaled plans to follow suit. In a speech, UK Security Minister Dan Jarvis criticized the country’s outdated 1990 Computer Misuse Act, arguing it stifles security experts who play a critical role in strengthening digital defenses. Jarvis emphasized that researchers help identify unknown vulnerabilities, making systems more resilient—work that should be encouraged rather than penalized. The moves reflect a growing recognition that legal barriers can hinder efforts to improve cybersecurity, leaving critical infrastructure exposed. Both countries aim to strike a balance between deterring malicious hacking and enabling legitimate research to bolster national security.

There will be “national security exemptions” to the ransomware payment ban proposed by the UK government, according to British Security Minister Dan Jarvis. The ban, which was subject to public consultation from January to April 2025 and received support from three-quarters of respondents, was confirmed in July and described in more details by the UK government in a policy paper published on September 2. If adopted, the new legislative proposal would ban ransomware payments for public sector and critical national infrastructure (CNI) organizations as well as require other businesses to notify the government of any intent to pay a ransom to attackers. Speaking at the Financial Times’ Cyber Resilience Summit: Europe, held in London on December 3, the minister said the proposition was his “personal priority.” He also said that the current arrangements for each organization to choose whether to pay cybercriminals a ransom is “not sustainable” as it doesn’t offer organisations any meaningful guarantee they will get their data back. Security Minister Pushes Ban Across Government and CNI Organizations Asked about the next steps for the proposal, Jarvis said it will be adopted “when parliamentary time allows.” He continued by explaining he is currently “seeking agreement across government” and consulting with CNI organizations and the private sector to “ensure that our proposals are going to work in the most effective way.” Jarvis said that the government has acknowledged war