Laws about “viruses” depend a lot on whether you mean computer viruses or biological viruses, but in both cases there are clear rules that can make creating, spreading, or misusing them a crime.

Computer viruses and the law

Most modern legal systems treat harmful computer viruses as a form of cybercrime, even if the word “virus” is not always used in the statute itself.

  • In the United States, the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, makes it a crime to intentionally access computers without authorization and damage or alter data, which is how virus and worm cases are usually prosecuted.
  • Courts have held that you can be liable even if you only “intended” to access the system, not necessarily to cause the full scale of the damage that followed (as in the classic Morris worm case).
  • Many countries have similar computer-misuse laws that criminalize writing, distributing, or using malware when it causes damage, interferes with systems, or accesses data without permission.

Some key points that often show up in statutes or case law:

  • Creating or spreading a virus that damages systems, destroys data, or disrupts networks can be prosecuted as:
    • Unauthorized access
    • Criminal damage to property (where data or systems are treated as property)
    • Fraud, if the malware is used to steal money or credentials
  • Even “harmless” self‑replicating code can be treated as illegal if it causes real‑world harm, for example by overloading networks or knocking services offline.
  • Simply possessing or sharing virus code can be unlawful in some jurisdictions, especially if it is done with intent to enable crime; other systems focus on use and intent rather than mere possession.

Because laws differ by country and even by state, the same virus author can face very different legal consequences depending on where the code was written, where it spread, and which systems were affected.

Biological viruses and criminal / public health law

When it comes to biological viruses (like influenza, SARS‑CoV‑2, etc.), the law is mainly about public health powers and biosecurity / criminal responsibility.

Typical legal tools include:

  • Public health statutes that:
    • Allow authorities to order quarantine or isolation of people reasonably suspected of carrying certain communicable diseases
    • Permit restrictions on travel or movement to prevent interstate or international spread
    • Authorize closures or special rules for workplaces, schools, and public venues during serious outbreaks
  • Biosecurity and bioterrorism laws that criminalize:
    • Possessing biological agents or toxins (including certain viruses) without a legitimate protective, medical, or research purpose
    • Developing or stockpiling agents as weapons
    • Deliberately using a virus to cause harm, which can fall under terrorism, assault, or homicide statutes

For example, under U.S. federal law, knowingly possessing a “biological agent, toxin, or delivery system” in a way that is not reasonably justified by legitimate research, prophylactic, or other peaceful purposes can be punished by up to 10 years’ imprisonment.

During recent pandemics, emergency measures like mandatory quarantine, mask rules, or travel restrictions were usually based on existing public health legislation or temporary emergency decrees, rather than new permanent laws.

Civil liability and damages

Beyond criminal law, viruses can also lead to civil liability (being sued for money damages).

  • A person or company that releases a harmful computer virus can be sued for:
    • Negligence (failing to take reasonable care)
    • Breach of contract (for example, selling infected software media)
    • Misrepresentation, if they made false assurances about safety or security
  • In the biological context, someone who knowingly exposes others to a serious virus might face civil suits (for example, for negligence or wrongful death) if the law in that jurisdiction recognizes such claims.

Calculating damages can be complex in both arenas, especially where harm is widespread, cross‑border, or partly caused by third‑party systems and behaviors.

Why laws about viruses are tricky

Law struggles to keep up with how fast viruses—digital and biological—spread and evolve.

  • For computer viruses:
    • Code can cross borders instantly, so multiple countries’ laws may apply.
    • Some statutes risk being overly broad, potentially catching well‑intentioned security researchers if the wording does not clearly distinguish malicious from legitimate work.
  • For biological viruses:
    • Law must balance individual rights (movement, privacy, bodily autonomy) with the community’s interest in preventing outbreaks.
    • Legislators constantly revise rules after each major outbreak, trying to clarify powers such as quarantine, data collection, and mandatory reporting.

In both cases, intent, consent, and actual harm matter a great deal: experimental or defensive work under strict controls can be lawful, while reckless or malicious spread is heavily penalized.

TL;DR: In most places, the law says you cannot intentionally create, spread, or misuse viruses—digital or biological—when doing so damages systems, endangers people, or lacks a legitimate, peaceful purpose, and serious violations can lead to prison, fines, and civil lawsuits.

Information gathered from public forums or data available on the internet and portrayed here.