Can governments break the law if they don’t fix a hacked site?

The British government is being accused of running afoul of European law for not fully restoring a government agency website over a month after Islamist hackers took it down, The Guardian reported Tuesday.

The site in question, known as UK Air, tracks air quality throughout the United Kingdom, providing live updates and health advice. It’s a subset of the Department for the Environment, Food & Rural Affairs (Defra).

{mosads}Dafra told The Guardian that it’s needed the time to fully restore the site after it was taken over by a hacking group calling itself the Moroccan Islamic Union-Mail. The Islamist group replaced the homepage on April 7 with a propaganda message.

Officials speedily kicked out the hackers following the initial digital assault. But the assailants soon returned and reclaimed control of the site, Dafra added. To ensure security, officials had to deactivate much of the site while they worked on repairs, they said.

But with the site languishing in semi-functionality, consumer advocates say vital information is being withheld from the public, and those working in air quality control argue the lack of data is hindering their business.

Simon Birkett, director of London-based pollution monitoring firm Clean Air, said the agency is actually breaking European laws.

“After more than five weeks offline, it’s becoming clear that Defra prefers hiding air-pollution publications and the entire national monitoring network than publishing information as required by European law,” Birkett told The Guardian.

The back-and-forth highlights the challenges governments face as they try to steel their networks against the rising tide of digital threats.

Officials are under pressure to quickly restore all functions, but also fear a repeat attack from hackers who have already figured out how to infiltrate their networks.

In the U.S., the White House and State Department are still struggling to fully restore their systems months after suspected Russian hackers wormed their way in last fall.

While the breaches didn’t affect public-facing aspects of either department’s website, it has occasionally limited some email functionality for employees.

For years there have been few set requirements for how U.S. federal agencies should respond following a data breach, an issue that irked some lawmakers.

In response, Congress passed a series of small cyber bills during last year’s lame-duck session that tasked the Office of Management and Budget and the Department of Homeland Security with developing clearer guidelines.

The legislation led the White House to establish the “E-Gov Cyber” unit, which oversees agencies’ cybersecurity initiatives and issues its own security protocols.