e-Evidence FAQ

e-Evidence FAQ: Frequently Asked Questions

Common questions about the EU e-Evidence Regulation (EU) 2023/1543, compliance requirements and how ICS can help.

What is the EU e-Evidence Regulation?

The EU e-Evidence Regulation ((EU) 2023/1543) is a European Union law that enables law enforcement authorities to issue European Production Orders (EPOC) and Preservation Orders (EPOC-PR) directly to service providers, regardless of where the data is physically stored. It replaces the slow MLAT process with direct cross-border orders that must be fulfilled within strict deadlines.

When does the e-Evidence Regulation take effect?

The regulation applies directly in every EU Member State from August 18, 2026. Germany’s implementing statute (EBewMG) was published in March 2026 and is entering force in stages.

Who is affected by the e-Evidence Regulation?

The regulation applies to electronic communication service providers (telephony, messaging, email), internet domain and IP numbering services, social networks, online marketplaces, cloud storage platforms, hosting providers and SaaS platforms. Both EU and non-EU companies that offer services within the Union are covered. The German Federal Ministry of Justice estimates approximately 9,000 companies in Germany alone fall within scope.

What are the response deadlines?

Standard Production Orders must be fulfilled within 10 days. In emergency situations involving terrorism or imminent threat to life, providers have only 8 hours. Preservation Orders require immediate action to freeze the relevant data.

What are the penalties for non-compliance?

Fines can reach up to EUR 500,000 for standard violations. For large service providers with more than EUR 25 million in global revenue, penalties may amount to 2 percent of worldwide annual turnover.

What data categories can be requested?

EPOC orders can target four categories of data: subscriber data (identity information, account details), access data (IP logs, login timestamps), transactional data (CDRs, billing records, metadata) and content data (stored communications, files, messages).

Do I need a designated establishment in the EU?

Yes. Every affected service provider must designate an official contact point in the EU, registered with the national authority. In Germany, this is the Bundesamt fuer Justiz. ICS offers Designated Establishment as a Service for organisations that need an EU-based contact point.

How does ICS help with e-Evidence compliance?

ICS provides an end-to-end e-Evidence compliance platform that automates order intake, legal validation, data extraction, secure delivery and audit trail reporting. We also offer designated establishment services, managed operations, consulting and integration support. Our platform builds on the same ETSI-compliant architecture used for lawful interception, making it particularly powerful for telecommunications operators who can extend their existing LI infrastructure.

Contact Us
Scroll to Top
ICS
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.