E-evidence - cross-border access to electronic evidence

The e-evidence package will make it easier and faster for law enforcement and judicial authorities to obtain the electronic evidence they need to investigate and eventually prosecute criminals.  It consists of a Regulation and a Directive, which will:

• create a European Production Order: this will allow a judicial authority in one Member State to obtain electronic evidence (such as emails, text or messages in apps, as well as information to identify a perpetrator as a first step) directly from a service provider or its legal representative in another Member State, which will be obliged to respond within 10 days, and within 8 hours in cases of emergency (compared to up to 120 days for the existing European Investigation Order or an average of 10 months for a Mutual Legal Assistance procedure);
• create a European Preservation Order: this will allow a judicial authority in one Member State to request that a service provider or its legal representative in another Member State preserves specific data in view of a subsequent request to produce this data via mutual legal assistance, a European Investigation Order or a European Production Order;
• include strong safeguards: the new rules guarantee strong protection of fundamental rights, including safeguards for the right to protection of personal data. The persons whose data is being sought will benefit from various safeguards and be entitled to legal remedies. The authorities of the Member State where the service provider is established or represented will be involved in certain cases through a notification mechanism and can stop the production of the data based on a list of four grounds. A specific procedure involving a judge or a court is provided in case a service provider is subject to conflicts of law;
• create a decentralised IT system through which all communication between authorities and service providers can take place in a secure and reliable way, ensuring authentication of all participants.
• oblige service providers to designate an establishment or appoint a legal representative in the Union: to ensure that all providers that offer services in the Union are subject to the same obligations, even if their headquarters are in a third country, they are required to designate an establishment or appoint a legal representative in the Union for the receipt of, compliance with and enforcement of decisions and orders.
• provide legal certainty for businesses and service providers: whereas today law enforcement authorities often depend on the good will of service providers to hand them the evidence they need, in the future, applying the same rules for access to all service providers will improve legal certainty and clarity.

The new rules will enter into force on 17 August 2023 and will apply as of 17 February for the Directive and 17 August 2026 for the Regulation. They respond to strong calls for action by Member States and industry and are based on a thorough impact assessment analysing the problem, the options and the impacts of the various options, supported by extensive stakeholder consultations including a public consultation

Position papers submitted to the 2017 public consultation on improving cross border access to electronic evidence in criminal matters

Summary Report of the public consultation on improving cross-border access to electronic evidence in criminal matters

The European Commission proposed on 5 February 2019 to start international negotiations on cross-border access to electronic evidence, necessary to track down dangerous criminals and terrorists.

Following up on the European Council Conclusions from October 2018, the Commission presented two sets of negotiating directives, one for negotiations with the United States and one for the Second Additional Protocol to the Council of Europe “Budapest” Convention on Cybercrime. Both negotiating directives were approved by the Council and include strong privacy, data protection and privacy safeguards.

Whereas negotiations with the United States are ongoing, the Second Additional Protocol was adopted on 17 November 2021 by the Council of Europe Committee of Ministers. On 5 April 2022, Council authorised Member States to sign the Protocol. On 14 February 2023, they authorised Member States to ratify it, after the European Parliament had given its consent.

Second Additional Protocol to the Cybercrime Convention on enhanced co-operation and disclosure of electronic evidence

Access to e-evidence: Council authorises member states to ratify international agreement - 14 February 2023

Access to e-evidence: Council authorises member states to sign international agreement - 5 April 2022

Council Decision authorising the European Commission to participate, on behalf of the European Union, in negotiations on a Second Additional Protocol to the Council of Europe Convention on Cybercrime - 21 May 2019

Addendum to the Recommendation for a Council Decision authorising the European Commisson to participate, on behalf of the European Union, in negotiations on a Second Additional Protocol to the Council of Europe Convention on Cybercrime - 27 May 2019 

Council Decision authorising the opening of negotiations with a view to concluding an agreement between the European Union and the United States of America on cross-border access to electronic evidence for judicial cooperation in criminal matters - 21 May 2019

Addendum to the Recommendation for a Council Decision authorising the opening of negotiations with a view to concluding an agreement between the European Union and the United States of America on cross-border access to electronic evidence for judicial cooperation in criminal matters - 27 May 2019