Directive (EU) 2023/977 on the Exchange of Information Between the Law Enforcement Authorities: Swift Information Exchange, at What Cost?
Anagnostopoulos managing partner Ilias Anagnostopoulos and partner Alexandros Tsagkalidis discuss the impact and challenges of this EU Directive.
Alexandros Tsagkalidis
View firm profileEU member states are required to transpose Directive (EU) 2023/977 on the exchange of information between the law enforcement authorities of Member States into their national legal systems by 12 December 2024. This Directive repeals Council Framework Decision 2006/960/JHA and is part of the “Police Co-operation Code”, a legislative package introduced by the European Commission in 2021 to enhance law enforcement co-operation among member states. The primary aim of the Directive is to ensure that national law enforcement authorities in one member state can obtain equivalent access to information available to their counterparts in another member state. This objective is to be achieved through the establishment of effective and rapid mechanisms for exchanging relevant information, specifically for the purposes of preventing, detecting or investigating criminal offences.
Swift Information Exchange
To this end, each member state is required to establish a so-called “Single Point of Contact” – ie, a local central entity responsible for co-ordinating and facilitating the exchange of information. It is noteworthy that “information” is defined broadly by the Directive and includes “any content concerning one or more natural or legal persons, facts, or circumstances relevant to competent law enforcement authorities for the purpose of carrying out their tasks under national law of preventing, detecting, or investigating criminal offences, including criminal intelligence”.
“The primary aim of the Directive is to ensure that national law enforcement authorities in one member state can obtain equivalent access to information available to their counterparts in another member state.”
The Directive outlines three distinct methods for the exchange of information:
- the exchange of information through the Single Points of Contact between member states, following a formal request for information (Article 4);
- the provision of information on an own-initiative basis when such information is deemed relevant to other member states for the purposes of preventing, detecting or investigating criminal offences (Article 7); and
- the exchange of information through direct requests submitted to competent law enforcement authorities (Article 8).
In all cases, the exchange of information must adhere to the principles established in Article 3 of the Directive, namely the principles of availability, equivalent access, confidentiality, data ownership and data reliability.
“The exchange of information must adhere to the principles established in Article 3 of the Directive.”
Article 6 of the Directive outlines the conditions under which a member state’s Single Point of Contact may refuse to provide requested information to another member state. The list of grounds for refusal is exhaustive and includes situations where the information is unavailable, the request does not meet the requirements set out in Article 4, judicial authorisation required under national law is denied, or the data is inaccurate, incomplete or outdated. Additional grounds for refusal exist where providing the information would jeopardise national security, ongoing investigations, individual safety or other vital interests. Requests may also be denied if they relate to minor offences or information initially obtained from another member state or third country that has not consented to its disclosure. Refusals are limited to the specific information affected, while the unaffected parts are still subject to disclosure.
The Directive also aims to upgrade Europol to the EU’s “criminal information hub”. When information is exchanged between member states, a case-by-case assessment must be made to determine whether a copy of the request for information submitted under this Directive, as well as the information exchanged, should be sent to Europol, provided it concerns a criminal offence falling within Europol’s objectives.
At What Cost?
Swift exchange of information is indisputably a crucial element in the fight against organised crime and terrorism, as it helps law enforcement authorities keep pace with their rapidly changing and expanding nature. However, substantial criticism of the Directive has been raised by both academia and NGOs on three key grounds.
- The Directive does not establish any rules on the admissibility of exchanged information as evidence in criminal proceedings. While it clarifies that it does not grant a right to use the provided information as evidence in judicial proceedings, it also states that “this does not prohibit a Member State providing information from consenting to its use as evidence in judicial proceedings” (Article 1, par 4). As Thomas Wahl aptly commented in eucrim, “the Directive rather reinforces the impression that consent for the use of evidence in judicial proceedings is merely a rubber stamp by the authorities of the requested state, thereby circumventing the rules of legislation on judicial cooperation”.
- In terms of the statutory protection of fundamental rights, the Directive appears to take a step back. Following the ECJ's Aranyosi Căldăraru judgment, several EU acts – such as Directive 2014/41 regarding the European Investigation Order and Regulation 2018/1805 on the mutual recognition of freezing and confiscation orders – introduced an explicit ground for non-recognition and non-execution when such actions would violate fundamental rights. This ground is absent from the list of grounds for refusal of information requests in the Directive, as outlined in Article 6, par 1. Although the same paragraph states that “Member States shall exercise due diligence in assessing whether the request for information submitted to their Single Point of Contact is in accordance with the requirements set out in Article 4, particularly as to whether there is a manifest breach of fundamental rights”, it does not clarify what such “due diligence” assessment entails, how it will be conducted by the requested law enforcement authority, or what actions shall be taken if a manifest breach of fundamental rights is identified.
- Statewatch has warned that transmitting copies of requests and exchanged information to Europol is likely to lead to an exponential expansion of its databases. Moreover, during the ordinary legislative procedure prior to the Directive’s adoption, the European Data Protection Supervisor recommended that personal data should only be stored in the case management system of the Single Contact Points for a very short period – only until the information exchange is completed, and then deleted immediately afterwards. However, the Directive stipulates that a decision regarding the retention of this data will be made six months after the exchange has taken place.
“Swift exchange of information is indisputably a crucial element in the fight against organised crime and terrorism.”
Despite these criticisms, the Directive is meant to respond to emerging needs for swift and effective information sharing among law enforcement authorities within the EU. As organised crime and terrorism become increasingly transnational, they demand similarly transnational responses. The Directive seeks to empower law enforcement authorities to act speedily against these evolving threats.
On the other hand, the EU legislature is called on to ensure that the pursuit of security does not undermine fundamental rights and freedoms. While the Directive addresses the need for rapid cross-border action against crime, it is equally important that the high standards of freedom and justice in the European Union are not undermined.
Anagnostopoulos
1 ranked department and 1 ranked lawyer
Learn more about the firm's ranking in Chambers Europe
View firm profile