The European Commission presented today a Roadmap setting out the way forward to ensure law enforcement authorities in the EU have effective and lawful access to data. The roadmap is an important deliverable under ProtectEU – the EU's Internal Security Strategy which the Commission presented in April this year.
Terrorism, organised crime, online fraud, drug trafficking, child sexual abuse, sexual extortion, ransomware, and other offences all share a common feature: they leave digital traces. With 85% of criminal investigations now relying on electronic evidence, law enforcement authorities need better tools and a modernised legal framework to access digital data in a lawful manner while ensuring full respect of fundamental rights.
The Roadmap focuses on six key areas:
- Data retention: In 2025, the Commission will carry out an impact assessment with a view to updating the EU's data retention rules. In addition, Europol and Eurojust will work on reinforcing cooperation between law enforcement and service providers when it comes to accessing electronic evidence.
- Lawful interception: To enable law enforcement to obtain evidence across systems and jurisdictions, the Commission will explore measures to improve cross-border cooperation for lawful interception of data by 2027, both among authorities, and between authorities and services providers. Key actions for the next years include assessing the need to further strengthen the European Investigation Order (by 2027) and supporting the deployment of secured information sharing capacities between Member States, Europol and other security agencies (2026-2028).
- Digital forensics: Law enforcement and judicial authorities must be able to analyse and preserve digital evidence stored on electronic devices. The Commission, together with Europol, will coordinate a gap and needs analysis for technical solutions in digital forensics and support the development of forensic tools with EU funding and public-private partnerships. Europol is invited to develop into a centre of excellence for operational expertise in the field of digital forensics and step up coordination with national authorities and private parties (from 2026).
- Decryption: In 2026, the Commission will present a Technology Roadmap on encryption to identify and evaluate solutions that enable lawful access to encrypted data by law enforcement, while safeguarding cybersecurity and fundamental rights. The Commission will also support the development of new decryption technologies to equip Europol with a next generation decryption capability (from 2030).
- Standardisation: The Commission will work with Europol, industry stakeholders, experts and law enforcement practitioners to develop and streamline an EU approach to standardisation for internal security, with a focus on digital forensics, lawful disclosure and lawful interception.
- AI solutions for law enforcement: By 2028, the Commission will promote the development and deployment of AI tools that enable authorities to lawfully and effectively process large volumes of seized data, helping to filter and analyse digital evidence more efficiently.
Next Steps
The Commission invites Member States to discuss the Roadmap in the July Informal Justice and Home Affairs (JHA) Council, taking place on 22-23 July.
Background
President von der Leyen's political guidelines of July 2024 stressed the need to equip law enforcement with adequate and up-to-date tools to access digital information lawfully, while safeguarding fundamental rights.
In April 2025, the Commission presented ProtectEU – the EU's Internal Security Strategy , which announced its intention to put forward a Roadmap on lawful and effective access to data for law enforcement in the first half of 2025.
The roadmap also responds to the JHA Council conclusions of December 2024 , in which Member States explicitly called on the Commission to deliver such a work plan. This follows work carried out by the High-Level Group on Access to Data for Law Enforcement, established in 2023 to address the growing challenges of accessing critical digital evidence. The Group presented 42 recommendations in May 2024 and a final report in November 2024, both of which were endorsed by the Council.
