The way we communicate, work, and store information has changed significantly as more aspects of life have become digital.
While these changes have brought countless benefits, they have also led to an increase in cybercrime.
In case a LEA need to access data from a service provider (SP) in another country, there are so called Mutual Legal Assistance Treaties in place between countries. The related processes between LEAs of different countries to get access to such data are very complicated and time consuming. Short-term data exchange, i.e. in case of a terror attack, are almost impossible.
To address this, the European Union (EU) introduced the E-Evidence package, a legal framework designed to help law enforcement and judicial authorities access electronic evidence quickly and efficiently across borders.
In this blog, we will dive into what the EU E-Evidence is, where it stands today, and how it affects service providers. Let’s start with the basics.
What is E-Evidence?
E-evidence refers to any electronically stored information that can be used as evidence in a legal context. This can range from text messages, call logs, and subscriber information to social media posts, GPS data, and cloud-based records.
The EU's E-Evidence Package
The EU’s E-Evidence Regulation (EU) 2023/1543 and Directive (EU) 2023/1544 were introduced in 2023. They aim to create a simple and efficient process for law enforcement agencies in EU countries to access electronic evidence. This system allows law enforcement to request data directly from service providers, avoiding long and complicated legal procedures. This will fast-track access requests as there is no need to go through the authorities in another member state.
For example, if a request is made to a provider in Germany to share data with authorities in Italy or France, they will be required to respond within 10 days, or within 8 hours in emergencies. This will be a significant improvement over current procedures, which can take months.
The graphic below shows how the E-Evidence process will become faster and easier compared to current methods.
Based on: SECURITY UNION, FACILITATING ACCESS TO ELECTRONIC EVIDENCE
How Does E-Evidence Work?
E-Evidence allows law enforcement agencies to request three main types of data:
- Subscriber data (identifying account holders)
- Traffic data (communication patterns)
- Content data (actual messages or files shared)
To ensure privacy is protected, there are limits on how long data can be kept and how it can be processed. Only authorized personnel can access this data, and only for specific investigations.
Who Is Affected?
The directive applies to a wide range of service providers, including:
- Electronic Communications Services: Providers of internet access, email, and internet telephony services.
- Internet Domain Name and IP Numbering Services: Entities involved in IP address assignment, domain name registry, and registrar functions, as well as domain-related privacy and proxy services.
- Other Information Society Services: Platforms enabling user communication or data storage, such as social media and cloud storage services.
What Does This Mean for Telecom Providers?
Telecom providers may be required to respond faster to requests for data from foreign authorities, and to create robust processes to collect, store, and transmit data with legal safeguards in place to protect privacy. They might need to adapt their systems and protocols for quicker data sharing, ensuring they meet compliance standards set by the new Directive and Regulation.
What’s Next?
- 2026 Deadline: EU member states have to implement the directive into national law until 2026. The EU Regulation applies from August 2026.
- Telecom service providers must prepare to meet these requirements by evaluating and updating their compliance frameworks.
Need Help?
If you’re unsure how this affects your company or need help navigating the compliance process, reach out to our team. We’re here to guide you through the changes!
