EU e-Evidence Act – Key Takeaways
The EU e-Evidence Act is poised to reshape how service providers (SPs) handle cross-border data requests in criminal investigations. For SPs, this means more requests for data, stricter deadlines, and new compliance obligations. This article will introduce the essential elements of the e-Evidence Act and why it’s critical for SPs across various industries—social media, gaming, Airlines, automotive, and more—to understand its implications and prepare for compliance.
Are Service Providers ready to support these changes?
Key Provisions of the EU e-Evidence Act
The e-Evidence Act introduces two main mechanisms that enable EU member states to access electronic data from SPs:
European Production Orders (EPOs): SPs may be required to produce specific data for investigations across borders within strict timelines, even if they operate outside the requesting EU country.
European Preservation Orders (EPO-PRs): SPs may need to preserve data without transferring it, ensuring that relevant information remains accessible for investigative purposes.
Deadline for Compliance
The new regulations have a clear timeline for enforcement:
August 17, 2026: This is the deadline for SPs to be fully compliant with the EU e-Evidence Act. By this date, SPs must have the systems and processes in place to respond to data requests as stipulated by the law.
Time-Critical Expectations for SPs
Under the e-Evidence Act, SPs will be subject to tight deadlines for responding to data requests, particularly with European Production Orders. These include:
10 Days for Standard Requests: For routine cross-border requests, SPs are expected to comply within 10 days from receiving an order.
8 Hours for Emergency Requests: In cases where a request involves an urgent threat to life or physical safety, SPs may be required to respond within as little as 8 hours.
These compressed timelines mean that SPs must prioritize efficient systems to handle data requests and ensure teams are equipped to respond quickly, particularly in high-stakes scenarios.
Penalties for Non-Compliance
Failure to meet the requirements set by the e-Evidence Act can result in significant consequences:
Financial Penalties: The Act empowers EU authorities to impose fines on SPs that fail to comply with production or preservation orders within the specified timelines. The exact penalty amounts are subject to each member state’s enforcement protocols, but non-compliance can result in substantial financial repercussions proposed at 2% of global annual turnover.
Operational Risks: Beyond financial penalties, non-compliance risks legal complications and potential disruptions to cross-border operations.
Reputational Damage: Repeated delays or failures to comply can harm an SP’s reputation, particularly in sectors where data privacy and security are critical to client trust.
Why the Act Matters to Key Sectors
Whether you’re in social media, or telecommunications, these new requirements demand that SPs establish processes to manage urgent requests efficiently, safeguard their teams’ well-being under high-pressure conditions, and prevent penalties. Non-compliance is not only a regulatory risk but also a threat to customer trust.
What should I do?
To learn more about how Kodex can support SPs in preparing for these new demands, register for this event and explore Kodex’s self-assessment tool, designed to help SPs evaluate their readiness for compliance with the EU e-Evidence Act.
