EU e-Evidence Directive: Transposition Deadline Reached – Implementation Status and Critical Action Points for Service Providers

The EU e-Evidence Directive (Directive (EU) 2023/1544) must be transposed by EU Member States by 18 February 2026, establishing a framework for cross-border law enforcement access to electronic evidence. With the transposition deadline now passed, service providers need to understand what this means for their operations.

Understanding the e-Evidence Package

The e-Evidence Package consists of two legislative acts:

•  Regulation (EU) 2023/1543, directly applicable from 18 August 2026; and
• Directive (EU) 2023/1544, which EU Member States must transpose by 18 February 2026.

Mechanism

The Regulation introduces two new investigative tools: the European Production Order, enabling authorities in one EU Member State to directly compel service providers in another EU Member State to produce electronic evidence via their designated contact point (“addressee”), and the European Preservation Order, enabling authorities to require providers to preserve electronic evidence for 60 days, ensuring data remains available for subsequent production orders.

European Production Orders require transmission of requested data within 10 days, or 8 hours in emergency situations.

These tools bypass traditional mutual legal assistance channels, aiming to speed up access to electronic evidence. Requests are transmitted via a new “decentralised IT system” connecting national authorities and the providers’ addressees.

Scope

The e-Evidence package applies to: 

• electronic communications services (e.g., VOIP, instant messaging, email),
• internet domain name and IP numbering services (e.g., domain name registries, privacy and proxy servers, regional registries for IP addresses), and
• other information society services that enable
  • (i) intra-user communications (e.g., online marketplaces) and
  • (ii) storage/processing on behalf of users (e.g., hosting services within the meaning of the Digital Services Act).

The territorial scope covers providers that are offering services in the EU, thereby extending to providers based outside the EU. “Offering services in the EU” requires enabling use in one or more Member States and a substantial connection (e.g. establishment, targeting activities, or significant user base).

Determining whether a specific service falls within the scope of the e-Evidence framework is often complex in practice. For an initial, non-binding assessment, organisations may use our interactive  e-Evidence Regulation Scoping Tool.

Core Obligations Under the Directive

Designation/Appointment of Addressees

Service providers established in the Union must designate an establishment; those without an EU establishment must appoint a legal representative. The designated addressee is responsible for receiving and executing orders.

Notification Requirements

Service providers must notify the central authority of the Member State where the designated establishment or legal representative is located of contact details and accepted official language(s). Notification must be completed by 18 August 2026, or within six months of commencing services in the EU.

Penalties

Service providers and their designated establishments or legal representatives are jointly and severally liable for non-compliance. Penalties may include fines of up to 2% of the provider's annual global turnover, with national implementing laws potentially imposing even higher sanctions.

Transposition Status Across the EU

As of February 2026, the transposition status of the e-Evidence Directive across EU Member States varies significantly. Only four Member States have adopted implementing legislation: Croatia, Italy, Lithuania, and Slovakia. Germany adopted its implementation in Parliament, with publication in the official journal soon awaited. Six Member States have draft legislation available: Belgium, Czech Republic, Finland, Ireland, Netherlands, and Sweden. The remaining Member States have no publicly available developments. Denmark has opted out from the e-Evidence Regime.

For service providers, this fragmented transposition creates significant legal uncertainty: in Member States without implementing legislation, the national procedural rules, competent authorities, and penalty regimes necessary for the practical application of the framework are currently unclear.

Key Challenges for Service Providers

Service providers currently face several challenges. Whilst some initial guidance has emerged on national level – including Ireland, the Netherlands, and Germany— and from Eurojust, these materials are largely available only in national languages and provide limited added value, as they predominantly restate the legislative text and recitals. More substantive guidance addressing practical compliance challenges remains to be developed, and significant time pressure persists. In the absence of such clear guidance, service providers face particular difficulties in the following areas:

Scoping Challenges

Determining the correct service provider within a corporate group remains a key challenge, as compliance obligations attach to individual legal entities rather than the group as a whole, raising practical questions about how far compliance functions can be centralised across entities.

It remains challenging to determine in which EU Member State a service provider must designate its addressee and to what extent that designation covers operations in other EU Member States.

Technical Readiness

Service providers must notify their addressee details via a dedicated Commission application from 18 February 2026. However, this registration application has not yet been made available to Member States.

The technical specifications for the decentralised IT system are defined in ETSI specification TS 104 144, with key aspects made legally binding through Commission Implementing Regulation (EU) 2025/1550.

Key constraints include a maximum transmission capacity of 25 MB and the requirement for an alternative transmission route. The decentralised IT system remains under development and may not be fully functional by 18 August 2026.

Operational Adjustments

Providers will need to establish or adapt internal compliance structures, review existing processes for handling law enforcement requests, and ensure staff are trained on the new instruments, timelines, and safeguards introduced by the regime.

The addressee’s review is limited to the information contained in the orders. While there is no obligation to investigate unlawfully issued orders, addressees must identify relevant deficiencies, including immunities and privileges, freedom of the press and expression concerns, incompleteness or obvious errors, and insufficient information for implementation or factual impossibility.

Actions items for service providers

The e-Evidence Package marks a fundamental shift in the way service providers must handle cross-border law enforcement requests. With the Directive’s transposition deadline of 18 February 2026 having passed and the Regulation becoming applicable on 18 August 2026, service providers should in particular:

• Assess whether their services fall within the scope of the e-Evidence Package

• Identify the relevant legal entities within their corporate structure

• Determine the optimal Member State for designating an establishment or appointing a legal representative

• Prepare the required notification to the competent national authorities

• Establish internal processes for reviewing and responding to European Production and Preservation Orders

• Ensure technical preparedness for connection to the decentralised IT system

• Train relevant teams on the new instruments, timelines and safeguards

How Bird & Bird can support you

Bird & Bird’s multidisciplinary team supports clients across all aspects of e-Evidence compliance – from scoping analysis and designation strategy to operational implementation and ongoing compliance: e-Evidence Contacts - Bird & Bird

To facilitate an initial assessment, we have developed an interactive e-Evidence Regulation Scoping Tool, which enables organisations to determine, through a structured questionnaire, whether they are likely to fall within the scope of the Regulation’s obligations:
Bird & Bird e-Evidence Regulation Scoping Tool

For further resources, updates on implementation across Member States and practical guidance, please visit our dedicated EU e-Evidence Package Hub.

On 3 February 2026, we hosted a webinar covering the EU e-Evidence Package, the state of implementation across Member States, practical challenges in executing orders, strategic considerations for designation, and technical readiness. You can access the recording here Understanding the EU e-Evidence Package - Compliance and Challenges - Bird & Bird.