The e-Evidence Regulation and its fundamental changes for cross border interaction between agencies and service providers

Criminal investigations nowadays rely heavily on digital evidence, which is often stored by service providers in other EU member states. To access such evidence, law enforcement agencies currently need to request legal assistance from the authorities in the service provider’s member state. While this is an established process, it can lead to delays and potential loss of evidence.

Regulation (EU) 2023/1543 (“e-Evidence Regulation”) aims to change this. Once in effect, authorities in EU member states will be able to issue production orders for certain data and preservation orders directly to service providers in other EU member states, without requiring their own national authority to act as an intermediary. Service providers will be legally required to produce or secure the requested data, facing significant administrative penalties if they fail to comply. However, for certain categories of data, the authorities in the service provider’s member state may object to the order, but only based on specific grounds for refusal.

The e-Evidence Regulation applies to a wide range of service providers, including electronic communication services, IP and domain name services, and various other information society services. Since the regulation does not exempt small service providers, all companies, regardless of size, must comply and establish the necessary procedures to receive, process, and respond to orders.

To facilitate secure communication between authorities and service providers, the European Commission is currently developing a decentralised IT system. This system is being designed in close collaboration with industry experts, including EuroISPA, to ensure that service providers’ expertise is considered.

The regulation will take effect on August 8, 2026. Before then, member states must designate their competent authorities, and the European Commission must adopt implementation acts for the decentralised IT system. However, several open questions remain, particularly concerning the regulation’s scope, the specific obligations of service providers, and the interaction between the decentralised IT system and similar national systems. Addressing these issues is essential to ensure the smooth implementation of e-Evidence.