While the law seems aimed at blackmarket tools that can be used to create malware infested sites, it’s also likely to criminalize tools used by researchers, developers and black hats alike – including tools like fuzzers, the Metasploit penetration testing tool and the wi-fi sniffing tool Wireshark. (Perhaps even the command line would be outlawed.)

U.S. law remains murky or outright dangerous for security researchers, hacktivists and curious citizens. Provisions in the Digital Millennium Copyright Act make it a crime to get around encryption built into products, with only a few exceptions. And federal prosecutors have tried to prosecute citizens under federal anti-hacking laws for violating the terms of service on a social network.

The E.U. ban could, if enacted, have consequences across the pond. Recently, the U.K. approved extradition of one of its citizens to the U.S. to face copyright infringement charges for a site that linked to online television shows.