Digital data plays an increasing role in criminal investigations. Think of emails, instant messages, cloud files or log data. In order to obtain this information faster and across borders, the European Union has introduced new legislation: the e-Evidence regulation and guideline.
But what exactly does this legislation entail? And is it relevant to your organization? We are happy to explain it clearly and practically.
What is e-Evidence?
The e-Evidence legislation consists of two parts:
- The e-Evidence Regulation (EU 2023/1543) It regulates that investigation services within the EU can request electronic data directly from service providers, even if they are located in another EU country.
- The e-Evidence Directive (EU 2023/1544) This requires certain organizations to have a Designated office or legal representative within the EU to have who can receive and handle such requests.
In short, authorities can requisition digital data faster, and organizations need to know how to handle it.
For whom is this relevant?
The legislation focuses primarily on digital service providers, such as:
- Cloud and hosting providers
- IT service providers
- Software and SaaS vendors
- Organizations that store or manage digital data for customers
Even if your organization does not fall directly into this category, you can be indirectly affected by e-Evidence, such as through your IT vendor or cloud platform.
What will change in practice?
When a competent authority needs electronic data for a criminal investigation, it may:
- A European distribution order Issue (for data submission)
- A European custody order impose (to temporarily secure data)
These requests may reach the service provider directly, without the intervention of national authorities.
This requires clear agreements, procedures and responsibilities.
What does this mean for you as a customer?
For SME organizations, this is especially important:
- Transparency You want to know what happens to your data and who can access it.
- Continuity and diligence Data should be provided only when required by law and in the appropriate manner.
- Good agreements with your IT partner On data management, retention periods and dealing with legal requests.
How does Analyst ICT deal with this?
At Analyst ICT, we believe that legislation should not cause turmoil, but rather provide clarity. Therefore:
- Have we assessed the e-Evidence legislation within our ISO 27001 and NEN 7510 management system
- Did we include this in our risk analysis and procedures
- Do we ensure that any legal requests careful, controlled and compliant be handled
For our customers, this means: no surprises, no unnecessary risks and full transparency.
What do you not have to do?
For most customers:
- You need to no separate procedures install
- You need no legal actions undertake
- You need not to fear that data will be shared casually
We ensure that your IT environment complies with applicable laws and regulations.
In conclusion
The e-Evidence legislation is a logical consequence of a digital society in which data is increasingly being used across borders. With the right design of ICT, processes and responsibilities, this need not be an additional concern.
Do you have questions about data protection, cloud use or compliance?
We like to think with you - first think, then do.
