Tougher penalties for a wide range of cybercrimes have been agreed by European politicians.
A draft directive outlining minimum jail terms for some crimes was adopted by the European Parliament on 4 July.
The directive says those found guilty of running a botnet of hijacked home computers should serve at least three years in jail.
It also seeks to improve co-operation between member states to investigate crimes and prosecute offenders.
“The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions,” said Cecilia Malmstrom, European Commissioner for Home Affairs in a statement.
The directive builds on Europe-wide rules that have been in force since 2005 but introduces new offences that cover use of a botnet, the theft of confidential details such as passwords and use of tools that make cybercrimes possible.
Botnets have become a staple in cybercrime circles and are used by many criminal hackers to send spam, attack websites or as a resource that can be plundered for saleable data. Some botnets have millions of PCs enrolled in them.
In addition, the directive recommends that criminals involved in some crimes should serve minimum sentences.
The longest jail term of five years should be served by those who do serious damage to systems or attack computers controlling a nation’s critical infrastructure.
In addition, it said companies could be be shut down if they hired hackers to attack rivals or steal corporate secrets.
Under terms outlined in the directive, member nations will also be required to render aid to another state stricken by a significant cyber-attack within eight hours.
The directive is widely expected to be formally adopted soon after which member states will have two years to translate it into national law.