Regulation of Criminal Activities on the Internet in the Republic of Bulgaria


    1. Current state of the legislation

Only recently Bulgaria adopted a new legislation to deal with criminal activities on the Internet. Prior to this year, the criminals (if ever caught) were tried under obsolete laws and convicted for criminal activities that didn’t reflect the true nature of the crime. It was not until Bulgaria signed the Council of Europe Convention on Cybercrime ETS No. 185 (from here onwards referred to as “The Convention”) on 23 November 2001 (ratified on 1 October 2002) that new legislation was seriously considered.

Amendments to the Criminal code (substantive law), with respect to computer crime, were adopted on 13 September 2002 and published in the State Gazette No. 92/2002. The amendments substantially follow the requirements of the Convention. The approach of the legislator has been to arrange the related articles in the Criminal code (from now on referred to as CC), individualizing a separate chapter - “Computer crime” (chapter IXa), and modifying some existing sections treating traditional crimes to reflect the advance in technology, namely “Breach of confidentiality of correspondence”, “Fraud” and “Destruction and impairment”.

The term definitions of “computer system”, “computer data” and “service provider” are present in the CC (Art. 94) and appear to be an adaptive word-for-word translation from the mentioned convention.

Chapter IXa of the CC (“Computer Crime”) envisages the computer crimes in their “pure” state. It criminalizes deeds against the security, integrity and normal functioning of computer systems and computer informational data. There are two forms of penalties prescribed: fine ranging from 1000 levs to 5000 levs; imprisonment, ranging from up to one year to eight years in the most severe cases that lead to gross damages. The penalties are to be inflicted either separately or in combination. More severe punishments are to be imposed should the criminal acts represent cases of repetitiveness, plotting to commit a crime or the immediate object of the crime was a state secret.

Art. 319e CC establishes the criminal liability for Information service providers, in particular the intermediaries of an electronic statement, as stipulated in Art. 6 of The Electronic Document and Electronic Signature Act in regard to failure to comply with his obligation to store information for a term of six months so as to ensure conditions for exact determination of the time and source of the transferred electronic statements. The punishment for this criminal offense is up to 5000 levs.

The doers of other types of crimes, in the course of which “pure” computer crimes were committed, shall be sanctioned according to the rules of “aggregation” from the General Part of the CC.

A new paragraph 3 in Art. 171, located in Chapter III, section V “Breach of Confidentiality of Correspondence”, was introduced to criminalize illegal interception of messages sent through (including, but not limited to) computer network, by use of special technical means. The penalty provided is up to two years in prison.

Computer fraud is regulated in the newly introduced Art. 212a, systematically placed under Chapter V of CC – “Crime Against Property”, Section IV – “Fraud”. The criminal liability extends over the deeds of a person who, with the intent of procuring an economic benefit for oneself or another person, incites or upholds a fallacy in a person, by input, alteration, deletion or suppression of computer data or by use of someone else’s electronic signature, and thus damage is caused to the latter or another person. The penalty is from one to six years in prison and fine up to 6000 levs. Another instance of computer fraud is a deed comprising of unrightfully inputting, altering, deleting or removing computer informational data for the purpose of obtaining something that is not rightfully his/hers.

A special new paragraph 3 in Art. 216 (Chapter V of CC – “Crime Against Property”, Section VII – “Destruction and impairment”) is treats the unauthorized access to a computer that is of significant importance to an enterprise, legal or physical entity, which results in the destruction or impairment of someone else’s property. The crime is punished by imprisonment from one to six years and fine up to 10 000 levs. Imprudent crimes are also prosecuted.

One of the obligations to the signatory states of the Convention is to adjust the national legislation as to provide for criminal liability for infringement of intellectual property rights. Bulgaria’s CC contains provisions on the above matter, which date back to 1995. They have not been modified in the latest amendment to the CC. The relevant article (Art. 172a and Art.227 CC) although adequately introducing criminal liability for infringement, adopts the broad term “technical means” instead of the more convenient in terms of unification, internationally accepted obligations and already defined in CC term – “computer system” when referring to the means of the crime.

The requirements of the Convention with regard to child pornography are dealt with in Chapter II (“Crimes against the person”), Section VII (“Debauchery”) Art. 159, which concern generally the production, display, introduction, broadcasting, offering, selling, renting or otherwise spreading of pornographic material. Paragraph 3 of the same article represents a special, exclusive, case where for the production of the pornographic material a person under the age of eighteen or a person appearing to look like a minor (under 18 years old) was used. The punishment is increased to be up to five years in prison and a fine up to 8 000 levs. The mere possession of such pornographic materials is also criminalized with a punishment of up to one year in prison or a fine of up to 2000 levs. The production of pornographic material, such as the one described above, for another person or an organized crime group is a separate crime. In all cases confiscation of the tool of the crime is to be inflicted.

    1. Ongoing activities

1. Legislative initiatives

Currently proposal for amendment of the Criminal Procedure Codeis registered for adoption in the Bulgarian parliament which, among everything else, concerns the adoption of special rules of detecting and investigating computer crimes and in specific – cybercrimes. The proposed amendments cover:

Amendments are introduced in the Chapters of the Criminal Procedure Code that handle surrender of criminals to foreign jurisdictions and legal aid in criminal cases following obligations from the Rome statute of the International Criminal Court (ratified by the Republic of Bulgaria) and the UN Security Council Resolution No.827/1993 from 23 May 1993.

2. International cooperation

The participation of Bulgaria in INTERPOL is the major international cooperation activity with regards to combating crime in general and cybercrimes in particular. The structure within the Ministry of Internal Affairs that deals with computer crimes and coordination with the INTERPOL headquarters in France is the National Central Bureau “INTERPOL”.

Another cooperation activity, but on a regional scale, is the Stability Pact in South Eastern Europe. Among the Pact’s objectives is the fostering of cooperation in combating organized crime, corruption and terrorism and all criminal and illegal activities.

    1. Links

For more information on IPR infringement: AIPPI Criminal law sanctions with regard to the infringement of intellectual property rights

Ministry of Internal Affairs and the NCB “INTERPOL” can be reached at:

Council of Europe Convention on Cybercrime ETS No. 185

Criminal Code (in Bulgarian)

Proposal for the amendment of the Criminal Procedure Code (in Bulgarian)

Stability Pact for South Eastern Europe


Mariya Badeva

25 November 2002