Tag Archive for: e-Evidence

Joint industry statement on the Digital Fairness Act: A call for competitiveness-driven policy

EuroISPA, together with other industry associations, is urging the European Commission to maintain a targeted, evidence-based approach when considering further regulatory interventions; to undertake a thorough assessment of the potential impact on the economy and businesses before introducing further regulatory measures; and to explore alternative avenues, such as improving enforcement of European consumer protection rules.

The e-Evidence Regulation and its fundamental changes for cross border interaction between agencies and service providers

Criminal investigations nowadays rely heavily on digital evidence, which is often stored by service providers in other EU member states. To access such evidence, law enforcement agencies currently need to request legal assistance from the authorities in the service provider’s member state. While this is an established process, it can lead to delays and potential loss of evidence.

Regulation (EU) 2023/1543 (“e-Evidence Regulation”) aims to change this. Once in effect, authorities in EU member states will be able to issue production orders for certain data and preservation orders directly to service providers in other EU member states, without requiring their own national authority to act as an intermediary. Service providers will be legally required to produce or secure the requested data, facing significant administrative penalties if they fail to comply. For certain categories of data, however, the authorities in the service provider’s member state may object to the order, but only on specific grounds for refusal.

The e-Evidence Regulation applies to a wide range of service providers, including electronic communication services, IP and domain name services, and various other information society services. Since the regulation does not exempt small service providers, all companies, regardless of size, must comply and establish the necessary procedures to receive, process, and respond to orders.

To facilitate secure communication between authorities and service providers, the European Commission is currently developing a decentralised IT system. This system is being designed in close collaboration with industry experts, including EuroISPA, to ensure that service providers’ expertise is considered.

The regulation will take effect on August 8, 2026. Before then, member states must designate their competent authorities, and the European Commission must adopt implementation acts for the decentralised IT system. However, several open questions remain, particularly concerning the regulation’s scope, the specific obligations of service providers, and the interaction between the decentralised IT system and similar national systems. Addressing these issues is essential to ensure the smooth implementation of e-Evidence.

Stefan Ebenberger

Secretary General of ISPA Austria

Cybersecurity in the EU: Milestones, Challenges, and the Road Ahead

The past year has brought several significant developments at EU level in both the cybercrime and cybersecurity fields.

The adoption of the European Commission’s flagship project, the e-Evidence Regulation, in the summer of 2023, was a significant milestone given the ongoing discussions on the topic since 2017. For the first time, law enforcement authorities will now be able to directly address service providers established on the territory of a different Member State. The focus will now be on the technical implementation of the Regulation in the Member States, where new challenges will be posed by the EU-wide harmonisation of the national technical platforms for the secure exchange of data between law enforcement authorities and service providers via a decentralised IT system.

Another central topic is the importance of encryption. The initial proposal on the Regulation to combat child sexual abuse stipulated detection measures that would have significantly undermined the use of end-to-end encryption in communication services. This provoked a huge wave of criticism showing that secure communications are also important to the broader public. This response ultimately led the European Parliament to explicitly exclude end-to-end encrypted communications from the scope of the Regulation.

At EU Member State level, the implementation of the NIS-2-Directive is still ongoing and will require substantial efforts by the affected companies, especially those that have not been subject to any cybersecurity requirements until now. On the other hand, providers of electronic communication networks and services are already under a sector-specific security regime as part of the European Electronic Communication Code. It will therefore be important that the national implementation of the NIS-2-Directive take into account the already existing security concepts in this sector and only stipulate additional measures where these would in fact lead to a higher level of security.

A political agreement on the Cyber Resilience Act has been reached, which harmonises cybersecurity standards for products and software with digital components and will also assist providers under the NIS-2-Directive to ensure supply chain security. Finally, it must be noted that the enormous frequency of new legal acts in the field of cybersecurity in recent years poses major challenges for the companies affected by them, as their internal processes must constantly be adapted, and it is often hard to find the necessary skilled workers to implement new requirements. With this in mind, along with the new mandate coming up this year, the focus of the upcoming European Commission should be on the smooth implementation of these legal acts rather than on new proposals.

Andreas Gruber
Former Chair of the EuroISPA Cybercrime & Cybersecurity Committee