Original Article Text

Portugal updates cybercrime law to exempt security researchers

Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions.

First spotted by Daniel Cuthbert, a new provision in Article 8.o-A, titled "Acts not punishable due to public interest in cybersecurity," provides a legal exemption for actions that previously were classified as illegal system access or illegal data interception.

The exemption only applies when security researchers act for the purpose of identifying vulnerabilities and contributing to cybersecurity. The key conditions that must be met to be safe from criminal liability are:

The new article clearly defines the limits of security research, and at the same time provides legal protection for well-intended hackers.

In November 2024, the Federal Ministry of Justice in Germany introduced a draft law that provided similar protections to security researchers who discover and responsibly report security flaws to vendors.

Earlier, in May 2022, the U.S. Department of Justice (DOJ) announced revisions to its federal prosecution policies regarding Computer Fraud and Abuse Act (CFAA) violations, adding an exemption for "good-faith" research.

Under these legal frameworks, security research is not only recognized but also given the safe space to proactively probe systems, uncover vulnerabilities, and report them without fear of legal consequences.

Daily Brief Summary

VULNERABILITIES // Portugal's New Cybercrime Law Shields Ethical Hackers from Prosecution

Portugal's revised cybercrime law now offers legal protection for security researchers conducting good-faith vulnerability assessments, under specific conditions outlined in Article 8.o-A.

This legal exemption permits actions previously deemed illegal, such as unauthorized system access, when performed to enhance cybersecurity.

Security researchers must adhere to defined limits to qualify for immunity, ensuring their activities serve the public interest in cybersecurity.

The initiative aligns with global trends, as Germany and the U.S. have introduced similar protections, fostering a supportive environment for ethical hacking.

These legal frameworks encourage proactive identification and reporting of security flaws, reducing the risk of criminal liability for researchers.

By legally recognizing ethical hacking, Portugal aims to strengthen its cybersecurity posture and promote responsible vulnerability disclosure.

The move reflects an increasing global acknowledgment of the critical role ethical hackers play in safeguarding digital infrastructure.