On 6 June 2019, the Council authorised the Commission to participate, on behalf of the Union, in the negotiations on a Second Additional Protocol to the Council of Europe Convention on Cybercrime (CETS No 185) (‘the Convention on Cybercrime’).
(2)
The Second Additional Protocol to the Convention on Cybercrime on enhanced cooperation and disclosure of electronic evidence (‘the Protocol’) was adopted by the Committee of Ministers of the Council of Europe on 17 November 2021 and is envisaged to be opened for signature on 12 May 2022.
(3)
The provisions of the Protocol fall within an area covered to a large extent by common rules within the meaning of Article 3(2) of the Treaty on the Functioning of the European Union (TFEU), including instruments facilitating judicial cooperation in criminal matters, ensuring minimum standards of procedural rights as well as data protection and privacy safeguards.
(4)
The Commission also submitted legislative proposals for a Regulation on European Production and Preservation Orders for electronic evidence in criminal matters and for a Directive laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings, introducing binding cross-border European Production and Preservation Orders to be addressed directly to a representative of a service provider in another Member State.
(5)
With its participation in the negotiations on the Protocol, the Commission ensured its compatibility with relevant common Union rules.
(6)
A number of reservations, declarations, notifications and communications in relation to the Protocol are necessary to ensure compatibility of the Protocol with Union law and policies. Others are relevant to ensure the uniform application of the Protocol by Union Member States that are Parties to the Protocol (‘Member State Parties’) in their relation with third countries that are Parties to the Protocol (‘third-country Parties’), as well as the effective application of the Protocol.
(7)
The reservations, declarations, notifications and communications on which guidance is given to the Member States in the Annex to this Decision, are without prejudice to any other reservations or declarations that they might wish to make individually where the Protocol so permits.
(8)
Member States which did not make reservations, declarations, notifications and communications in accordance with the Annex to this Decision at the time of signature should do so when they deposit their instrument of ratification, acceptance or approval of the Protocol.
(9)
Following the ratification, acceptance or approval of the Protocol, Member States should, in addition, observe the indications set out in the Annex to this Decision.
(10)
The Protocol provides for swift procedures that improve cross-border access to electronic evidence and a high level of safeguards. Therefore, its entry into force will contribute to the fight against cybercrime and other forms of crime at global level by facilitating cooperation between Member State Parties and third-country Parties, ensure a high level of protection of individuals, and address conflicts of law.
(11)
The Protocol provides for appropriate safeguards in line with the requirements for international transfers of personal data under Regulation (EU) 2016/679 of the European Parliament and of the Council (2) and Directive (EU) 2016/680 of the European Parliament and of the Council (3). Therefore, its entry into force will contribute to the promotion of Union data protection standards at global level, facilitate data flows between Member State Parties and third-country Parties, and ensure compliance of Member State Parties with their obligations under Union data protection rules.
(12)
The swift entry into force of the Protocol will furthermore confirm the position of the Convention on Cybercrime as the main multilateral framework for the fight against cybercrime.
(13)
The Union cannot ratify the Protocol, as only states can be parties thereto.
(14)
Member States should therefore be authorised to ratify the Protocol, acting jointly in the interests of the Union.
(15)
The European Data Protection Supervisor was consulted in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council (4) and delivered an opinion on 21 January 2022.
(16)
In accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union (TEU) and to the TFEU, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Decision and is not bound by it or subject to its application.
(17)
In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Decision and is not bound by it or subject to its application,
(18)
The authentic versions of the Protocol are the English and French versions of the text, adopted by the Committee of Ministers of the Council of Europe on 17 November 2021,
