Scribd
Upload
74 views2 pages

Roadmap For Access To Data For Law Enforcement

The European Commission has introduced a roadmap to enhance law enforcement's access to digital data, addressing challenges related to privacy and fundamental rights. Key areas of focus include data retention, lawful interception, digital forensics, decryption, standardization, and AI solutions. The roadmap aims to improve cooperation among authorities and service providers, while ensuring the protection of fundamental rights and cybersecurity.

Uploaded by

Lucia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
74 views2 pages

Roadmap For Access To Data For Law Enforcement

The European Commission has introduced a roadmap to enhance law enforcement's access to digital data, addressing challenges related to privacy and fundamental rights. Key areas of focus include data retention, lawful interception, digital forensics, decryption, standardization, and AI solutions. The roadmap aims to improve cooperation among authorities and service providers, while ensuring the protection of fundamental rights and cybersecurity.

Uploaded by

Lucia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

AT A GLANCE

Roadmap for access to data for law enforcement


Today, nearly every form of serious and organised crime leaves a digital trace. Whether it concerns cyber fraud,
ransomware attacks, drug or migrant trafficking, money laundering, child sexual abuse or terrorism, the internet
has evolved from a mere tool to the very backbone of modern criminal operations. In around 85 % of criminal
investigations, law enforcement and judicial authorities need to access and extract digital information. However,
giving law enforcement authorities greater access to data raises privacy and other fundamental rights challenges.

European Commission initiative


On 24 June 2025, the European Commission presented a roadmap setting out the way forward to ensure
law enforcement authorities (LEAs) in the EU have effective and lawful access to data. The roadmap is one
of the steps envisaged under ProtectEU – the EU's internal security strategy, which the Commission
presented in April 2025. The roadmap focuses on six key areas, data retention, lawful interception, digital
forensics, decryption, standardisation and AI solutions for law enforcement.

Data retention
Data retention involves the storage of non-content data by electronic communications providers and
potential access to it by public authorities, including for law enforcement purposes. The extent to which
this interferes with privacy depends on the type of data retained or accessed and the safeguards in place.
Member States have enacted laws establishing obligations and powers related to data retention and access.
In 2014, the Court of Justice of the European Union (CJEU) declared the EU's 2006 Data Retention Directive
invalid because it found that the directive violated the EU Charter of Fundamental Rights. In its case law on
national data retention schemes, the CJEU has established a hierarchy of objectives – allowing more
intrusive retention measures only when pursued for more serious purposes – and has outlined the
safeguards required to protect fundamental rights.
In its roadmap, the Commission announces plans to review and, as necessary, update the EU's data retention
rules; it will conduct an impact assessment in 2025. At the same time, the EU Agency for Law Enforcement
Cooperation (Europol), and the EU Agency for Criminal Justice Cooperation (Eurojust) will work with LEAs
and service providers to improve access to electronic evidence.

Lawful interception
Lawful interception enables authorised third parties – typically LEAs – to access covertly communications
data from individuals or organisations under investigation. This access can occur at various stages, such as
on the user's device, within the network, or at the destination (e.g. cloud storage). It may be facilitated by
service providers or network operators, or done independently by authorities. The shift from traditional
telecom services to over-the-top (OTT) services like messaging apps has introduced significant challenges,
making it much more difficult for LEAs to access critical information related to targeted communications.
The Commission will explore ways to enhance cross-border cooperation for the lawful interception of data
by 2027. This includes improving collaboration among authorities, but also between authorities and service
providers. Key actions over the coming years include evaluating the need to enhance the European
Investigation Order by 2027, and supporting the rollout of secure information-sharing capabilities between
Member States, Europol, and other security agencies from 2026 to 2028.

Digital forensics
Digital forensics is an important field within forensic science, which involves the recovery, analysis, and
presentation of data, including communication metadata and content data. Data are typically extracted
from digital devices, such as computer hard drives, mobile phones, smart appliances, vehicle navigation
systems, electronic door locks, and data stored in the cloud. This field is essential for investigating
cybercrime, fraud, data breaches, and other digital offences, as well as crimes relying on encrypted

EPRS | European Parliamentary Research Service


Author: Beatrix Immenkamp with Hendrik Mildebrath and Piotr Bąkowski, Members' Research Service
PE 775.880 – July 2025
EN
EPRS Roadmap on access to data for law enforcement
communication. Digital forensics encompasses several sub-disciplines, including computer forensics,
mobile device forensics, network forensics, and cloud forensics.
Starting in 2026, the Commission will coordinate a gap and needs analysis, to identify technical
requirements in the field of digital forensics. This will support the development of advanced forensic tools,
leveraging EU funding and public-private partnerships. The Commission would like to see Europol evolve
into a centre of excellence for operational expertise in digital forensics and to enhance the agency's
coordination with national authorities and private sector stakeholders.

Decryption
Encryption refers to 'the process of transformation of information into a secure format to protect it from
unwanted access or modifications by third parties'. Encryption has become a fundamental feature of many
products and services, gradually establishing itself as the default standard for social media and
communication platforms. Moreover, encryption techniques continue to develop, protecting online
technologies such as browser activity, electronic communication services, online storage spaces, mailboxes,
etc. Encryption poses a serious challenge for law enforcement, as even the most effective decryption
mechanisms are unable to work around strong encryption algorithms or complex passwords. At the same
time, strong encryption is essential to protect against cybercrime and ensure privacy.
The Commission plans to present a technology roadmap on encryption in 2026. The aim is to explore and
assess solutions that give LEAs lawful access to encrypted data, while ensuring the protection of
cybersecurity and fundamental rights. The Commission will also support the development of advanced
decryption technologies, aiming to equip Europol with next-generation decryption capabilities by 2030.

Standardisation
Standards play a crucial role in digital communications, since they ensure interoperability between systems
and devices from different technology providers. Additionally, they help technologies meet legal
requirements, including those related to lawful access for law enforcement purposes. The Commission plans
to work with Europol, industry stakeholders, experts and law enforcement practitioners to develop and
streamline an EU approach to standardisation for internal security, with a focus on digital forensics, lawful
disclosure and lawful interception.

Artificial intelligence (AI) solutions for law enforcement


Investigations involving digital evidence often require the processing and analysis of huge volumes of data.
Relevant expertise, computational resources and specialised tools are necessary to manage and analyse
such data. AI has become essential to processing large volumes of data; AI-based solutions can handle a
range of tasks – from simple ones like machine translation or speech-to-text conversion to more complex
functions such as data filtering and correlating evidence across large volumes of information. At the same
time, AI-powered tools for LEAs need to be accurate, transparent and fully compliant with the EU legal
framework for AI, data protection and privacy.
In its roadmap, the Commission announces plans to promote the development and deployment of AI tools
that allow authorities to process large volumes of seized data, enabling them to filter and analyse digital
evidence more effectively.

European Parliament
Parliament has been actively involved in shaping policies on law enforcement access to data, aiming to strike
a balance between effective crime prevention and the protection of fundamental rights. This is part of a
broader effort to ensure that data protection is a cornerstone of EU law, particularly within the context of
law enforcement and criminal justice. Throughout recent legislative processes – such as a revised directive
on financial information access, the Prüm II Regulation, the overhaul of e-evidence rules and the Directive
on information exchange – Parliament has emphasised the importance of safeguarding fundamental rights.
This is one of four briefings that explore different aspects of the roadmap for effective and lawful access to data
for law enforcement, including briefings on lawful interception, data retention and digital forensics.

This document is prepared for, and addressed to, the Members and staff of the European Parliament as background material to assist them in their
parliamentary work. The content of the document is the sole responsibility of its author(s) and any opinions expressed herein should not be taken
to represent an official position of the Parliament. Reproduction and translation for non-commercial purposes are authorised, provided the source
is acknowledged and the European Parliament is given prior notice and sent a copy. © European Union, 2025.
eprs@[Link] (contact) [Link] (intranet) [Link] (internet) [Link] (blog)

You might also like