Cybercrime at Spain's National Court: landmark cases and current criminal framework
Analysis of Spain's cybercrime criminal framework (Arts. 197-200, 264, 270 CP) and key National Court cases: hacking, ransomware, identity theft and grooming.
# Cybercrime at Spain's National Court
Current Criminal Framework
Spain's Criminal Code regulates cybercrime across multiple sections:
- Arts. 197-200: Unauthorized access, data interception, personal data disclosure
- Arts. 264-264 ter: Computer damage (destruction, alteration, disabling data and systems). Aggravated for critical infrastructure
- Art. 248+: Computer fraud (phishing, online fraud)
- Art. 183 ter: Online child grooming
- Arts. 573-580: Cyber terrorism
Key Cases (2020-2025)
AEAT Case (2021): Ransomware attack on Spain's Tax Agency. The AN established case law on attribution of cyberattacks to state actors.
SEPE Case (2021-2023): Ryuk ransomware paralyzed Spain's unemployment agency for weeks. The vector was a phishing email. The AN investigated ransomware-as-a-service under Art. 264 CP.
Deepfake Sextortion (2023-2024): First cases of AI-generated deepfake sextortion, charged under Art. 197.7 CP (intimate image disclosure) in combination with Art. 169 CP (threats).
Cross-border Digital Evidence
Obtained through rogatory commissions (Budapest Convention 2001), European Investigation Orders (Directive 2014/41), and direct provider requests (CLOUD Act, with EU limitations).
Try Lexiel free · 28 days
Use code LEX-BLOG for double the standard trial period. Cancel anytime, no commitment.