Muscat: According to the authorities, any person who deliberately accesses a website, information system, information technology tool, or any part of it without authorization, exceeds permitted access, or continues to remain in the system after becoming aware that such access is unauthorized, commits a criminal offence.

Under Articles 5 and 7 of the Law on Combating Cybercrimes, promulgated by Royal Decree No. 61/2026, offenders may face imprisonment for up to six months, a fine of RO 1,000, or either of the two penalties.

The authorities stated that penalties become more severe if the illegal access results in the cancellation, alteration, modification, addition, distortion, corruption, copying, destruction, slowdown, publication, republication, disclosure, blocking, or encryption of electronic data and information stored within the affected system. Punishments are also aggravated if the offence causes damage to a website, information system, or information technology tool, harms users or beneficiaries, or involves the unlawful appropriation of a website address or domain name.

The law further imposes stricter penalties when the compromised data contains personal information or when the offence is committed in connection with an individual’s professional duties or during the course of employment.

However, the law provides an exception for parents, guardians, custodians, trustees, or caregivers who carry out such actions solely to protect the interests of a person who lacks, or has diminished, legal capacity. In such cases, no penalty shall be imposed.

The Public Prosecution urged individuals and organizations to respect digital security regulations and ensure that access to electronic systems and data is carried out only through lawful and authorized means.