Hackers who carry out cyber attacks against EU member states will face stiffer consequences in the coming years thanks to a decision reached by European Union lawmakers Thursday. As part of the new rules, perpetrators will face at least two years behind bars for unlawfully accessing information systems; that sentence jumps to five years if critical infrastructure like power plants, public transportation, or government servers are targeted. Illegally interfering with data. The rules also forbid the illegal interception of communications, interfering with data, and the production and sale of tools that could assist in with those endeavors.

The European Parliament is also looking to thwart the use of botnets with the new framework. Both those responsible for creating botnets and "herders" found to be infiltrating PCs will face three-year prison terms. Liability for any crimes or damages caused by botnets will be squarely placed on the companies benefitting from their use, according to Reuters. EU member states have two years to sign the agreed upon rules into law — except for Denmark, which is refraining from implementing them in favor its existing laws. An earlier draft of the proposal was approved last month.