Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Summaries of EU Legislation

    Electronic evidence in criminal proceedings – designated establishments and legal representatives of service providers

     

    SUMMARY OF:

    Directive (EU) 2023/1544 on harmonised rules on the designation of designated establishments and the appointment of legal representatives for the purpose of gathering electronic evidence in criminal proceedings

    WHAT IS THE AIM OF THE DIRECTIVE?

    The directive is part of a package that aims to facilitate and speed up access to electronic evidence used to investigate and prosecute criminal offences, regardless of the location of the data.

    All service providers offering services in the European Union (EU) must designate an establishment or appoint a legal representative to be responsible for receiving, complying with and enforcing decisions and orders. The objective is to ensure that all service providers operating in the EU have the same obligations regarding access to electronic evidence (e-Evidence).

    KEY POINTS

    Electronic evidence (e-Evidence refers to data stored by or on behalf of a service provider, in an electronic form, that is used to investigate and prosecute criminal offences, including subscriber data, data used for identifying the user, traffic data and content data.

    For the purposes of the directive, a service provider is anyone providing one or more of the following categories of services (except for financial services):

    • electronic communication services, such as internet access services or interpersonal communications services;
    • internet domain name and IP numbering services, such as IP address assignment, domain name registries and related privacy and proxy services;
    • other information society services which enable users to communicate with each other or which store or process data on behalf of the user, such as social networks, online marketplaces and other hosting service providers.

    Designated establishment and legal representative

    EU Member States must ensure that:

    • service providers offering services in the EU designate or appoint at least one addressee to receive, comply with and enforce decisions and orders falling within the scope of this directive, issued by competent authorities of Member States to gather evidence in criminal proceedings:
      • service providers established in the EU specify a designated establishment,
      • service providers not established in the EU appoint a legal representative;
    • addressees are established or reside in a Member State where the service providers offer their services;
    • addressees can be subject to enforcement procedures;
    • the decisions and orders issued by the competent authorities for gathering evidence in criminal proceedings are addressed to the designated establishment or legal representative;
    • service providers give their designated establishments and legal representatives the necessary powers and resources to comply;
    • the designated establishment, the legal representative and the service provider can be held jointly and severally liable for non-compliance and may be subject to penalties;
    • establishments or legal representatives need to be designated within 6 months of the legislation being transposed into national law;
    • each service provider supplies their respective contact details and any changes, in writing, to the central authority of the Member State where its designated establishment is located or where its legal representative resides.

    Penalties

    Member States must:

    • set out rules on effective, proportionate and dissuasive penalties to be applied to infringements of national laws adopted under this directive and take all measures necessary to ensure that they are implemented;
    • notify the European Commission of these rules and any subsequent amendments;
    • inform the Commission annually about non-compliant service providers, relevant enforcement action taken against them and the penalties imposed.

    Central authorities

    Member States must designate one or more central authorities to ensure that this directive is applied consistently and proportionately. The central authorities coordinate and cooperate with each other and where relevant with the Commission, and provide any appropriate information and assistance to each other, particularly on enforcement actions.

    FROM WHEN DO THE RULES APPLY?

    The directive has to be transposed into national law by 18 February 2026. These rules should apply from the same date.

    BACKGROUND

    The directive is part of a package that includes a regulation on European production and preservation orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings (see summary).

    For further information, see:

    MAIN DOCUMENT

    Directive (EU) 2023/1544 of the European Parliament and of the Council of 12 July 2023 laying down harmonised rules on the designation of designated establishments and the appointment of legal representatives for the purpose of gathering electronic evidence in criminal proceedings (OJ L 191, 28.7.2023, pp. 181–190).

    RELATED DOCUMENTS

    Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings (OJ L 191, 28.7.2023, pp. 118–180).

    Council Decision (EU) 2023/436 of 14 February 2023 authorising Member States to ratify, in the interest of the European Union, the Second Additional Protocol to the Convention on Cybercrime on enhanced cooperation and disclosure of electronic evidence (OJ L 63, 28.2.2023, pp. 48–53).

    Council Decision (EU) 2022/722 of 5 April 2022 authorising Member States to sign, in the interest of the European Union, the Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence (OJ L 134, 11.5.2022, pp. 15–20).

    Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (OJ L 333, 27.12.2022, pp. 80–152).

    Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (Recast) (OJ L 321, 17.12.2018, pp. 36–214).

    Successive amendments to Directive (EU) 2018/1972 have been incorporated into the original text. This consolidated version is of documentary value only.

    Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, pp. 1–30).

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, pp. 1–88).

    See consolidated version.

    Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

    See consolidated version.

    Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order in criminal matters (OJ L 130, 1.5.2014, pp. 1–36).

    See consolidated version.

    Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) (OJ L 178, 17.7.2000, pp. 1–16).

    Recommendation for a Council Decision authorising the opening of negotiations in view of an agreement between the European Union and the United States of America on cross-border access to electronic evidence for judicial cooperation in criminal matters ((2019) 70 final).

    last update 30.05.2023

    Top