The European Commission proposed a Regulation on cross-border access to and preservation of electronic data held by service providers and a Directive to require service providers to appoint a legal representative within the EU in April 2018. Since then, the legislative process to adopt them has been fast-tracked, which has prevented any proper assessment of these measures to be carried out.

On 7 December 2018, the Council of the European Union reached a general approach on the text, that is to say a political agreement on a negotiating position to enter the negotiations with the European Parliament. The Civil Liberties, Justice and Home Affairs Committee of the Parliament decided to first make a thorough assessment of the Commission’s proposal before adopting its position. An introduction was first published to identify a number of questions for discussion that will be followed up by topical working documents.

The United States, adopted its own piece of legislation in a rush, the US Clarifying Lawful Use of Overseas Data (CLOUD) Act. The bill allows to access data stored outside of US territory while bypassing the legal safeguards of traditional international cooperation frameworks.

In parallel, the Council of Europe (CoE) has been also preparing a new protocol to the Convention on Cybercrime (also known as “the Budapest Convention”) on cross-border access to data by law enforcement authorities. This Second Protocol is expected to be finalised by the end of 2019

EDRi has been sending submissions to all institutions to ask for human rights to be respected. In this document pool, you will find the relevant information, documents and analyses on the e-evidence proposals. We’ve been updating this document pool as the process advanced.

Last update: 25 April 2019.

EDRi’s analysis and recommendations
Legislative documents
EDRi’s blogposts and press releases

EDRi’s analysis and recommendations:

Legislative documents:

More information in EUR LEX (EU Database on preparatory acts) and OEIL (European Parliament’s Legislative Observatory)

EDRi’s blogposts and press releases:

RightsCon session on cross-border access to e-evidence – key interventions (10.04.2017)
Access to e-evidence: Inevitable sacrifice of our right to privacy? (14.06.2017)
Cross-border access to data: EDRi delivers international NGO position to Council of Europe (18.09.2017)
Cross-border access to data has to respect human rights principles (20.09.2017)
CLOUD Act: Civil society urges US Congress to consider global implications (19.03.2018)
Nearly 100 public interest organisations urge Council of Europe to ensure high transparency standards for cybercrime negotiations (03.04.2018)
EU “e-evidence” proposals turn service providers into judicial authorities (17.04.2018)
Independent study reveals the pitfalls of “e-evidence” proposals (10.10.2018)
Growing concerns on “e-evidence”: Council publishes its draft general approach (05.12.2018)
EU Council’s general approach on “e-evidence”: From bad to worse (19.12.2018)
EU rushes into e-evidence negotiations without common position (19.06.2019)


Joint Civil society letter to the Members of the US Congress on the US CLOUD Act (19.03.2018)
Joint Civil society letter to the Secretary General of the Council of Europe on the draft Second Additional Protocol to the Convention on Cybercrime (03.04.2018)
Joint Civil Society Response to Discussion Guide on a 2nd Additional Protocol to the Budapest Convention on Cybercrime (28.06.2018)
European Parliament Research Service’s assessment of the Commission’s proposals on electronic evidence (09.2018)
Joint Civil society letter to Member States about their draft position on “e-evidence” (05.12.2018)

Legislative process: