Encryption: Council wants a lawful access to encrypted communications for competent authorities

A leaked version of the draft Council Resolution on Encryption shows that Member States would like to create a possibility for competent authorities to access encrypted communications. According to the document, such access should be granted to fight terrorism and organised crime. The regulatory framework in the EU should be modified accordingly.

Please find below the link to the leaked document and the main points from this draft Resolution.

Draft Resolution

From security through encryption…

The draft Resolution acknowledges the importance of strong encryption as a tool to protect fundamental rights and the digital security of governments, industry and society. It further notes that “encryption has been identified by EU data protection authorities as an important tool contributing for instance to the protection of personal data transferred outside the EU but subject to the requirement of an essentially equivalent level of protection”. The draft Resolution underlines that more and more communication channels are secured by end-to-end encryption.


… to security despite encryption

However, the document states “[…] the European Union needs to ensure the ability of competent authorities in the area of security and criminal justice, e.g. law enforcement and judicial authorities, to exercise their lawful powers, both online and offline”. The text mentions the fight against terrorism, organised crim, child sexual abuse and cyber-enabled crimes.

The draft Resolution further notes that “there are instances where encryption renders analysis of the content of communications in the framework of access to electronic evidence extremely challenging or practically impossible despite the fact that the access to such data would be lawful”.


Competent authorities should be granted a lawful access in some cases

The draft Resolution explains that a better balance must be found between encryption of communications and lawful access. Competent authorities should have the possibility, in the area of security and criminal justice, to lawfully access relevant data for legitimate, clearly defined purposes in fighting serious and/or organised crimes and terrorism.

The document states that technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity and proportionality. Industry, research, academia and governments need to work together. Possible solutions should be developed in cooperation with communication service providers.


Modifying the legal framework

Member States wish to develop a consistent regulatory framework across the EU to allow competent authorities to carry out their tasks.

The document concludes that there should be no single prescribed technical solution to access to encrypted data.


Next steps:

The final version of the Resolution should be adopted by the Council by the end of November.

As a public document published by the Council, this Resolution is setting a direction for the Council and also sends a message to the Commission.


If you have any questions, please do not hesitate to contact Camille Dornier - Policy Manager: camille.dornier@eurosmart.com

Rue de la Science 14B - 1040 Brussels BELGIUM
Privacy Policy - EU transparency register #21856815315-64
Twitter LinkedIn
Modify your subscription    |    View online