EuroISPA: National authorities must retain primary role in cross-border cybercrime investigations

Brussels, 30 October 2017- The primacy of national courts and law enforcement authorities must be retained in any future legislative initiative to enhance cross-border cooperation in the fight against cybercrime. This was the key message the European Internet infrastructure sector stressed in its response to the European Commission’s public consultation ahead of its upcoming E-Evidence initiative.

Many companies represented by EuroISPA, from access providers, hosting providers, domain name registries to hotlines, have long-standing and effective cooperation with national law enforcement authorities. ISPs are well aware of the role and responsibilities of safeguarding their users’ privacy, thus are well-versed in verifying the authenticity of demands, and whether the relevant national authority has the required competence to address such a request to an ISP. However, ISPs would encounter difficulties in assessing the authenticity of other Member States’ law enforcement authority demands. Additional obligations for ISPs to cooperate with other public authorities would be costly, time-consuming, and risky. On this basis, EuroISPA asserts that direct cross-border cooperation for e-evidence is unsuitable.

Existing tools on the EU level already provide ample options for cross-border cooperation such as the Mutual Legal Assistance procedure (MLA), the European Investigation Order (EIO) and the recently created European Public Prosecutor’s Office. These mechanisms alleviate the abovementioned issues, as ISPs are required to cooperate only with national public authorities. Moreover, disruption to current procedures on the national level could result in legal uncertainty, slowing down the process and hamper ongoing investigations. EuroISPA therefore calls for effective EU-wide implementation of existing measures before drafting new tools.

In the event of any new obligations for ISPs, cost-reimbursement regimes should be a core element. The overwhelming majority of EuroISPA members are SMEs, to whom additional requirements to directly respond to law enforcement requests from other Member States would pose significant economic burdens, as well as a risk to competition. Furthermore, there would be a disproportionate effect on SMEs. Additional resources would need to be channelled to handle cross-border data requests, such as the assessment of their legal basis, secure communication solutions, and translation costs. Many EU Member States already include costs reimbursement for ISPs in national legislation, a principle which should feature in any potential EU legislation.

EuroISPA has long been engaged in political discussions surrounding cross-border cooperation for evidence, in fora such as Europol’s EC3 communications providers advisory group, the European Commission’s DG JUST/DG HOME taskforce on E-Evidence and the European Commission’s former expert group on data retention. Here we gain further knowledge about requirements brought forward by law enforcement authorities, and take the opportunity to bring greater clarity to existing legal regimes that ISPs are subject to. Emphasis is placed on the need for transparency and safeguards to guarantee user confidence in the rule of law on the Internet in the post-Snowden era. As underscored by Chair of the EuroISPA Cybersecurity Committee Dr. Maximilian Schubert, “EuroISPA understands that law enforcement authorities need certain competences, but repeatedly stresses that the key to success lies in the proper application, evaluation and improvement of existing regimes rather than the creation of alleged silver bullets to tackle issues of law enforcement”.

Existing measures should be implemented across the EU and subsequently evaluated and refined. More effective use should be made of the existing arsenal of cross-border investigatory mechanisms, including the MLA procedure, the EIO, and the European Public Prosecutor’s Office, rather than unnecessarily increasing the already significant obligations for ISPs and placing an economic burden on SMEs.

Please find here the EuroISPA E-evidence position paper

Image Creator attribution: Nick Youngson (


EuroISPA stresses need to preserve rule of law online, in address to OSCE-COE Internet Freedom conference

Brussels, 24th October 2017– The rule of law must not be sacrificed in the fight against illegal content online, EuroISPA Vice President Dr Maximilian Schubert stressed in his address at the Internet Freedom conference in Vienna last Friday. Jointly organised by the Organisation for Security & Cooperation in Europe (OSCE) and the Council of Europe (CoE), the conference focused on the role and responsibilities of Internet intermediaries vis-à-vis illegal content.

In his address Dr Schubert addressed key contemporary policy issues, including the disproportionate content control burden placed on Internet service providers and best practices in illegal content removal. Recently, governments have called for greater responsibility and liability to be placed on Internet companies in the fight against illegal online content. However, as EuroISPA has stressed for many years, Internet service providers are simply unable to simultaneously play the role of judge, jury and executioner when it comes to removing illegal content. As Dr Schubert underscored, “Courts are the sole institutions to decide the admissibility of content. This responsibility must not be passed down to Internet providers.”

Moreover, moves by European governments to force Internet intermediaries to remove content within shorter and shorter timeframes, such as the German NetzDG, also pose a threat to free expression and due process. This risk is elevated with respect to borderline or context-specific controversial content, where an Internet intermediary would be forced to err on the side of caution and remove content, rather than run the risk of criminal and civil liability in the event that the content is actually illegal.

EuroISPA has for many years cooperated with both the CoE and OSCE on these issues, most notably in its co-authorship with the CoE of the influential Human Rights Guidelines for Internet Service Providers.

Speaking after the conference Dr Schubert said: “The overwhelming majority of the 2500 companies represented by EuroISPA, as well as in the internet ecosystem, are SMEs. SMEs are especially sensitive to compliance, and therefore economic, burdens. When crafting laws, it is essential that policymakers avoid the  “GAFA fallacy” – that is, to consider their legal action only in relation to a small cohort of very large and well-known providers – but rather, appreciate the impact on the whole Internet value chain. In that context, we will continue to advocate for clear and efficient notice & action regimes underpinned by judicial authority, in the ongoing EU-level legislative discussions around copyright reform, illegal content, and media regulation.

Increasing liability pressure on Internet intermediaries risks undermining the Digital Single Market achievements

Brussels – 10.05.2017: The increasing pressure upon Internet intermediaries to police online content risks undermining Europe’s digital ambitions, according to the European Internet Services Providers Association (EuroISPA). Reacting today to the publication of the European Commission’s mid-term review of the Digital Single Market (DSM) strategy, the 2500 ISPs represented by EuroISPA stressed the degree to which current and upcoming DSM proposals in areas such as copyright and hate speech have the risk of undermining ISPs’ ability to drive the economic and social benefits of digitalisation.

The publication of the DSM mid-term review has failed to assuage EuroISPA fears that the EU E-Commerce Directive – the legislative cornerstone of the European digital economy – is under assault in various legislative contexts. The horizontal liability framework of the E-Commerce Directive allows business in the EU to concentrate on developing innovative legal business models that serve their customers, while at the same time ensuring that they have effective systems in place to deal with various types of illegal content.  EuroISPA strongly urges policymakers in all EU Institutions to not underestimate the degree to which this predictable compliance environment is the catalyst for growth in the European economy, and instrumental in ensuring ISPs can rapidly and effectively tackle illegal content online.

Moreover, EuroISPA notes with disappointment that some of the considerable achievements of the DSM strategy – in particular the efforts to end geo-blocking – have been undermined by the lobbying of conservative legacy business models. Consumers and innovative business models lose most from disparities in regulatory regimes across Member States, and it is thus imperative for the European Commission to maintain a high-level of political will in the face of legacy business models that benefit from such.

Ultimately, EuroISPA encourages the Commission to adopt a thorough and evidence-driven approach to the fight against illegal content and the role of Internet intermediaries in such. Indeed, the Commission should :

  • Ensure that its various proposals around tackling illegal content are underpinned by procedural safeguards and redress mechanisms for Internet service providers and consumers;
  • Ensure that intermediary liability safe harbours are fully protected in EU legislative initiatives, to avoid ISPs being forced to play the role of judge, jury and executioner with regard to the legality of online content;
  • Monitor and review the actions of Member States that might undermine the above two principles, and act to ensure that Internet intermediaries across Europe operate in an environment that safeguards digital innovation and citizens’ fundamental rights.

EuroISPA welcomes the Commission’s commitment in the DSM strategy mid-term review to undertake an open and inclusive dialogue with regard to the future of Notice & Action procedures in Europe. EuroISPA members have consistently led the way in the fight against illegal content, from their stewardship of industry hotlines dedicated to fighting child sexual abuse online, to anti-spam and anti-malware initiatives across Europe. In all initiatives, EuroISPA will continue to work with EU-level policymakers to ensure a safe and secure Internet, where the fight against illegal content is underpinned by transparency, legal clarity and the rule of law.


EuroISPA 20th year anniversary cocktail

EuroISPA, the voice of the European Internet industry, is delighted to invite you to join us in celebrating our 20th year anniversary at the prestigious Bibliothèque Solvay on the evening of Tuesday 20th June.

European Commissioner for the Security Union Mr Julian King will deliver a keynote address on an evening that will also include a high-level intervention from Mr Juhan Lepassaar, Head of Cabinet of European Commission Vice-President for the Digital Single Market Andrus Ansip.

In a relaxing environment of cocktails and jazz, this event will be an opportunity to catch-up with digital policy stakeholders from Brussels and beyond, and reflect upon how far Europe has come in the efforts to realise a true digital single market.

When: 20th June 2017, from 18:30

Where: La Bibliothèque Solvay, Leopoldpark, Rue Belliard 137, Brussels 1040

Register your attendance here.


EuroISPA Annual Report 2016

This year EuroISPA celebrates its 20th year of existence as the representative body for European Internet services providers. The association was established all those years ago with the aim of elevating the voice of the fledging Internet industry and ensuring that EU and international regulation encouraged innovation in the exciting new sector. As we look back on the activities and achievements of EuroISPA in 2016, we clearly see that the founding members’ ambition bears more relevance than ever

– Oliver Süme, EuroISPA President

Read the 2016 report here.

Marking Safer Internet Day 2017

Brussels – 07.02.2017: To mark Safer Internet Day 2017, the European Internet Services Providers Association (EuroISPA) has reiterated the crucial role of Internet Hotlines in sustaining the fight against Child Sexual Abuse Material and other illegal content online.

As representative of over 2500 service providers along the Internet value chain, EuroISPA members have been at the forefront of efforts to ensure a safe environment where the Internet’s empowering character can be fully realised. Indeed, four EuroISPA member associations actually manage the national Internet Hotlines in their respective countries – processing and acting upon thousands of reports of illegal content each year.

The strength of Europe’s network of Internet Hotlines owes a great deal to the foresight of the European Institutions, which have provided essential public funding to allow Hotlines to deploy the necessary resources to tackle illegal content online.

In recent years, this essential funding has steadily diminished and there is a real risk that the great gains made thus far could be jeopardised if EU co-financing of Hotlines maintains its downward trajectory.

As the voice of Europe’s Internet Services Providers, EuroISPA abhors the misuse of its members’ networks by those users who circulate Child Sexual Abuse Material (CSAM) and other such manifestly illegal content. The association will continue to work with policymakers in the European Commission and Parliament to sustain the network of Internet Hotlines and build on the strong results to date.

EuroISPA statement to mark 2017 Data Protection Day

Internet Services Providers have a crucial interest in ensuring that Internet users have trust and confidence in online services.

It is for that reason that EuroISPA engaged intensively throughout the development of the recently-adopted EU General Data Protection Regulation. The new GDPR framework advances the interests of digital citizens, without jeopardising European ISPs’ ability to innovate and drive the European economy forward. Crucially, the regulation provides future-proof flexibility to ensure development of data-focused technologies and consumer services.

In 2017 and beyond EuroISPA will continue to engage with EU and national-level stakeholders to ensure a structured and consistent implementation of the GDPR. At the same time, we will be working closely with EU-level lawmakers as they begin to discuss new legislative proposals on privacy in electronic communications.

Ultimately, the achievement of a true digital single market in Europe depends on trust and the power of innovation. Data protection is a field in which both these key issues are at play, and EuroISPA and its members stand ready to support all stakeholders in securing a legislative framework where both can thrive.