Portugal Updates Cybercrime Law to Exempt Security Researchers Acting in Good Faith

Portugal has amended its cybercrime legislation to introduce a legal exemption for security researchers acting in good faith. This update, effective December 2025, ensures that hacking activities conducted without malicious intent and under strict conditions are not punishable by law. The amendment aims to protect cybersecurity research and encourage the responsible disclosure of vulnerabilities. This legislative change is part of a broader trend, with the United Kingdom also considering similar amendments to its Computer Misuse Act. By providing legal protections for security researchers, Portugal is fostering an environment that supports innovation and collaboration in cybersecurity. From a technical perspective, the exemption is expected to benefit security professionals engaged in activities such as penetration testing, vulnerability analysis, and ethical hacking. These activities are crucial for identifying and mitigating security weaknesses but often operate in a legal gray area. With this amendment, researchers can conduct their work without the fear of legal repercussions, thereby enhancing the overall security posture of organizations and individuals in Portugal. However, the source does not provide specific details on the conditions that must be met for the exemption to apply. For instance, it is unclear how the law defines "good faith" or what specific activities are covered. Additionally, there is no mention of technical standards or tools that researchers must adhere to. This lack of detail makes it challenging to assess the full implications of the law and its potential impact on the cybersecurity landscape. Despite these uncertainties, the amendment is a positive step towards supporting the cybersecurity community. It underscores the importance of legal frameworks that balance the need for security with the necessity of research and innovation. As cyber threats continue to evolve, such measures can play a crucial role in promoting a safer digital environment.