(Telecompaper) The EU has agreed to tougher penalties for cyber criminals under a draft directive passed by the European Parliament. The parliament earlier reaching a preliminary agreement with the EU Council on the text of the directive, and the Council is expected to give its final approval soon. The law sets a minimum penalty of two years for crimes such as illegally accessing or interfering with information systems, illegally interfering with data, illegally intercepting communications or intentionally producing and selling tools used to commit these offences. Setting up botnets will result in at least three years in prison, and attacks against critical infrastructure, such as power plants, transport networks and government networks, can lead to a five-year prison sentence. Companies can also be held liable for offences committed for their benefit, such as hiring a hacker to spy on competitors. In addition, member states will be required to respond more quickly to urgent requests for help in the event of cyber attacks. They will have to make better use of the existing 24/7 network of contact points in order to respond to urgent requests within eight hours. Member states will have two years to implement the directive in their legislation once it has been passed by the council.