After the respective recommendations put forward by the Commission (see eucrim 1/2019, p. 41), the Council gave two mandates to the Commission to negotiate on behalf of the EU agreements on access to e-evidence. The mandates endorsed on 6 June 2019 refer to:

• Conclusion of an agreement between the Union and the United States of America on cross-border access by judicial authorities in criminal proceedings to electronic evidence held by a service provider;
• Participation in the negotiations in the Council of Europe on a second additional protocol to the Cybercrime Convention.

The Council also set up negotiation directives to guide the Commission when conducting the negotiations. These directives are set out in addenda documents to the Council decision on the mandate and, inter alia, include the safeguards that the Council wishes to be included in the international rules on e-evidence. The Council particularly emphasised that the agreements must be compatible with the envisaged EU legal framework on e-evidence, which is currently being fiercely discussed in the Council and European Parliament (see eucrim 1/2019, pp. 38 et seq.; eucrim 4/2019, pp. 206/207).

The future EU-US agreement aims above all at setting common rules guaranteeing speedy access to content and non-content data, particularly those data stored in clouds on the servers of telecommunication service providers. It also aims at avoiding conflicts of law. To date, U.S.-based service providers, who are the main addressee of the new regulations, only cooperate with EU law enforcement authorities on a voluntary basis and regularly limit access to non-content data. The new mandate will include rules that allow law enforcement orders to be sent directly to the service providers and short deadlines within which the requested data must be supplied. Realtime telecommunications data are not mentioned in the Council negotiating directives.

Likewise, the second additional protocol to the Budapest Convention on Cybercrime (CETS 185) aims at laying down provisions for a more effective and simplified mutual legal assistance (MLA) regime in cybercrime and e-evidence matters. The additional protocol is currently under discussion in the Council of Europe working parties. It will also include direct cooperation with service providers in other state parties to the Convention, and searches are to be extended across borders.

Both mandates underline that the Council must be closely involved in the preparation and conduct of negotiations by the Commission. To this end, it will be especially for the Finnish Council Presidency to fulfil these monitoring tasks in the second half of 2019.

Before an agreement can be signed and concluded, the Commission will have to obtain separate authorisation from Member States. The European Parliament must also be informed and will have to consent before an agreement can be signed and concluded.