Last Wednesday, after some delays along the way, the Government finally passed an Act introducing a new "denial of service" offence, punishable by up to ten years in prison. The text of the draft bill, including the relevant wording, can be found here - see section 34 in relation to the offence for carrying out "unauthorised acts with intent to impair operation of computer".
As we have previously reported, the existing Computer Misuse Act had been widely criticised for being out of date and leaving loopholes for denial-of-service attackers to exploit, notably in the wake of the initial acquittal of David Lennon a year ago after he initiated the sending of millions of emails to an ex-employer. Though Lennon was subsequently sentenced to a two month curfew on appeal under the existing law, the Government has nonetheless pressed ahead with the change, which should address some areas of ambiguity.
The new Act also introduces an offence of "making, supplying or obtaining articles for use in computer misuse offences", which might catch for example anyone creating a virus and making it avaiable for distribution by third parties.