The European Parliament has reached a political agreement on an EU regulation on asset recovery and seizure. The new directive establishes minimum standards across the Union on the tracing, identification, freezing, seizure and management of criminal goods. This agreement should enhance the capabilities of Member States to fight organised crime.

The directive should apply to a wide range of crimes, such as organised crime, terrorism, human trafficking and drug trafficking. It also entails an obligation for Member States to ensure that the authorities involved in tracing, freezing and managing criminal money have qualified staff and the appropriate financial, technical and technological resources.

The proposed rules will also apply to the violation of sanctions once a still pending directive on the definition of criminal offences and sanctions for violation of EU restrictive measures is adopted. As a result, individuals and companies that profit from circumventing sanctions will see their profits seized in the same way as those of human traffickers or drug cartels.

Member States will have to strengthen asset recovery offices, whose role will be to facilitate cross-border cooperation in relation to asset-tracing investigations.

Asset recovery offices will also be tasked with tracing and identifying criminal money, in support of asset-tracing investigations conducted by state authorities and the European Public Prosecutor’s Office. They will also perform the tracing and confiscation of proceeds that are subject to a seizure or confiscation order issued by an agency of another Member State.

In order for asset recovery offices to be able to perform their tasks, Member State governments will have to ensure that they are given access to the relevant national databases and registers. In some cases, access must be immediate and direct.

According to the agreed text, Member States must adopt measures to enable the freezing of goods to ensure a possible seizure and to ensure, in the event of a final conviction, the seizure of instrumentalities and proceeds derived from a criminal offence.

However, Member States will not only be obliged to ensure the seizure of criminal money. They will also have to adopt rules allowing them to seize goods of a value corresponding to the criminal proceeds.

Where criminal goods or goods of equal value are transferred to a third party, it should also be possible to seize them, but only if the third party knew or should have known that the purpose of the transfer or acquisition was to avoid confiscation.

In some cases, the seizure of criminal proceeds will also be possible where criminal proceedings have been initiated but cannot be continued.

For the first time for many Member States, a new directive on the seizure of unexplained wealth will allow, under certain conditions, the seizure of goods identified in the context of an investigation relating to criminal offences, provided that a state court is satisfied that the identified goods derive from criminal activities committed within the framework of a criminal organisation and that these activities result in a substantial financial benefit. The agreement pays particular attention to procedural guarantees.

Member States will have to designate authorities (asset management offices) to manage frozen or seized goods, either by direct management or by providing support and expertise to other bodies responsible for the management of frozen and seized goods. Member States should also allow the sale of frozen goods, even before final seizure, under certain conditions, for example if the goods are perishable.

According to data from Europol, criminal organisations accumulate revenues estimated to amount to at least €139,000 million annually.

Despite the existence of a number of EU laws on the tracing and seizure of illegal goods, in 2020, the Council called on the Commission to strengthen the legal framework. The European Parliament also called for stricter asset recovery rules. This draft directive was proposed on 25 May 2022.

Aquest apunt en català / Esta entrada en español / Post en français

To guarantee safer road traffic throughout Europe, the European Council adopted its common positions on two European Commission proposals that are part of the so-called road safety legislative package:

• The 2006 and 2022 directives, as well as the 2012 and 2018 regulations on driving licenses
• The 2015 directive on cross-border exchange of information on road safety related traffic offences

The proposal of the Commission seeks to improve road safety and enable the free movement of citizens within the EU. The proposal should be seen as a complete revision of the existing directive since the last major reform occurred in 2006 and had to be transposed by the Member States until 2013. The proposal introduces four major new elements to the current regime:

• A European scheme for novice drivers that allows for accompanied driving after obtaining a license at the age of 17.
• Stricter conditions for novice drivers during their first two years (or more depending on the rules of Member States) of driving.
• A mobile driver’s license as part of the European digital identity wallet.
• The use of self-assessments as a filter towards the medical examination of the driver’s fitness.

The general thrust of the Commission’s proposal was maintained in the Council’s common position. However, the Council introduced various changes to the Commission’s proposal, which can be summed up as follows:

• To keep the shortening of the validity periods of driving licenses for senior citizens as voluntary.
• A clearer outline of the control of physical and psychological fitness to drive prior to the issuance and renewal of driving licenses.
• Alignment of the technical elements of mobile driving licenses with the revision of the digital identity regulation.
• More detailed guidelines for the Commission’s assessment of the road safety framework of third countries.
• Improvement of the requirements for the accompanying person in the accompanied driving regime, which will be mandatory only for the category B license.
• Reformulation of the conditions of the probationary period according to the competencies and established practices of the Member States.
• Possibility for the citizen to take a theoretical test, under certain conditions, in the Member State of citizenship when it is different from the Member State of residence, but not this option for the practical test.

As for the directive on cross-border exchange of information on traffic offences, the proposal aims to ensure that non-resident drivers respect traffic rules when driving in other Member States.

The Council maintained the general thrust of the Commission’s proposal. However, the Council introduced several changes to the proposal, mainly with the aim of clarifying the scope and definitions of the legal act. This involves, among others:

• Introducing the concept of “concerned person” and clarifying the roles and responsibilities of national contact points and competent authorities.
• Adding more offences to the Commission’s proposal, such as cases of failure to respect vehicle access restrictions or railroad level-crossing regulations, as well as hit-and-run cases.
• Further clarification of the different procedures related to accessing vehicle registration data and the different options for competent authorities to request mutual assistance to ensure that the person concerned is identified and that the traffic violation notice reaches the correct place.
• All the necessary safeguards established to protect the fundamental rights of the driver or any other concerned person.

_____

Aquest apunt en català / Esta entrada en español / Post en français

To make the European Union a leader in our data-driven society, the Council adopted a new regulation on harmonised rules on fair use and access to data.

The EU Data Act imposes an obligation on manufacturers and service providers to allow their users, whether companies or individuals, to access and reuse the data generated by the use of their products or services – from coffee machines to wind turbines. It also allows users to share this data with third parties. An example of this is that, in the not-too-distant future, car owners could choose to share certain vehicle data with a mechanic or their insurance company.

The regulation establishes new rules on who can access and use data generated in the EU in all economic sectors. It aims to:

• Guarantee fairness in the allocation of data value among stakeholders in the digital environment.
• Stimulate a competitive data market.
• Pave the way for opportunities for data-driven innovation.
• Make data more accessible to all.

The new regulation also aims to facilitate switching between data processing service providers, establishes safeguards against illegal data transfer and provides for the development of interoperability standards for data reuse across sectors.

It seeks to give both individuals and companies more control over their data through a strengthened portability right, allowing data to be easily copied or transferred from different services, where data is generated by smart objects, machines and devices. The new law will empower consumers and businesses by giving them a say in what can be done with the data generated by their connected products.

The new regulation will enable users of connected devices, ranging from smart home appliances to industrial machines, to access data generated by their use, which is often collected exclusively by manufacturers and service providers.

Regarding Internet of Things (IoT) data, the new law focuses, in particular, on the functionalities of the data collected by connected products rather than focusing on the products themselves.

The new law guarantees an adequate level of protection of trade secrets and intellectual property rights, together with the appropriate safeguards against possible abusive behaviour. While encouraging data sharing, the new regulation aims to support EU industry while providing safeguards for exceptional circumstances and dispute resolution mechanisms.

It also contains measures to prevent the abuse of contractual imbalances in data exchange contracts due to unfair contractual conditions imposed by a party with a significantly stronger bargaining position. With these measures, EU companies will be protected from unfair agreements and SMEs will have more room for manoeuvre.

The regulation provides the means for public sector bodies, the European Commission, the European Central Bank and EU bodies to access and use private sector data needed in exceptional circumstances, especially in case of public emergency, such as floods and forest fires, or to carry out a task in the public interest.

_____

Aquest apunt en català / Esta entrada en español / Post en français

As a result of several negotiations, the Council and the European Parliament have reached a political agreement on the European Union regulatory update facilitating the automated exchange of data for improved police cooperation.

At the European level, the fight against crime is a joint interest and responsibility. The agreement reached should improve the safety of European citizens, as police will be able to quickly search DNA, fingerprints, facial images, vehicle registration data and police records in law enforcement databases across Europe.

The current framework, often referred to as Prüm I, allows law enforcement authorities to consult the national databases of other member states with respect to DNA, fingerprint and vehicle registration data. In the process of improving coordination, if provided with a hit, authorities can quickly request relevant data from their foreign counterparts. The co-legislators agreed to expand the categories of data for which automated exchanges can occur. Once the updated law comes into force, law enforcement authorities will also be able to use the Prüm I scheme to investigate facial images and police records. In addition, if permitted by national legislation, it will also be possible to carry out searches in all categories to find missing persons or identify human remains.

If the database search gives a positive match, the country in question must provide the relevant data (e.g. name, date of birth, crime related to the data) within 48 hours.

The new law also modernises the technical infrastructure that supports the exchange of information. The new Prüm I regulation provides for eu-LISA (the EU agency in charge of large computer systems, such as the Schengen Information System) to implement a way to facilitate the establishment of connections between member states (and Europol) to retrieve data. This router will consist of a search tool and a secure communication channel. The police authority searching for a match will send its data (e.g. a fingerprint) to this router, and from there the query request will be sent to the databases of all other EU member states and Europol.

For automated searches of police records indexes, Member States and Europol will make use of the European Police Records Index System (EPRIS).

In accordance with the new rules, Europol, the EU agency that supports member states in the fight against organised and serious crime, will also be able to consult national databases to cross-check information it has received from third countries.

_____

Aquesta apunt en català / Esta entrada en español / Post en français

The presidency of the European Council and European Parliament negotiators have reached an agreement on a proposed EU law that would significantly improve the investigation and prosecution of environmental crime.

The aim of the new directive is to establish minimum rules on the definition of criminal offences and penalties to improve the protection of the environment, replacing the previous 2008 directive, which has become obsolete in the face of the evolution of the Union’s environmental legislation.

The directive provides a more precise definition of environmental offences and adds new types of environmental offences. It also harmonises the level of penalties for natural persons and, for the first time, for legal persons in all EU Member States.

The Council and the European Parliament agreed to increase the number of offences currently existing in EU criminal law back to 18. This broadens and clarifies the type of prohibited conduct that harms the environment. Among the new offences are timber trafficking, which is a major cause of deforestation in some areas of the world, illegal recycling of polluting components from ships and several serious breaches of chemicals legislation.

The Council and the European Parliament also agreed on a so-called ‘qualified offence’ clause. Offences referred to in the directive, and committed intentionally, are considered qualified offences if they cause destruction; irreversible, widespread and substantial damage; or long-term, widespread and substantial damage to an ecosystem of considerable size or environmental value, or to a natural habitat within a protected site, or to the quality of air, soil or water.

In the case of natural persons who commit any of the offences provided for in the directive, the text establishes the following penalties, which are more severe than the previous ones:

• for intentional crimes causing death to any person, a maximum term of imprisonment of at least ten years

• for the qualified offence with catastrophic consequences, a maximum term of imprisonment of at least eight years

• for crimes committed with at least serious negligence causing death to any person, a maximum term of imprisonment of at least five years.

• for other intentional crimes included in the legislation, a maximum prison sentence of at least five years or at least three years.

In the case of legal persons, the text establishes the following penalties:

• for the most serious infringements, a maximum fine of at least 5% of the total worldwide turnover of the legal person or, alternatively, €40 million.

• for all other offences, a maximum fine of at least 3% of the total worldwide turnover of the legal person or, alternatively, €24 million.

Additional measures may also be taken, such as obliging the offender to restore the environment or compensate for damage, excluding the offender from access to public funding or withdrawing permits or authorisations.

In addition, Member States will have to make sure that training is offered to those working to detect, investigate and prosecute environmental crime, such as judges, prosecutors and law enforcement authorities. EU countries will also have to ensure that these authorities have adequate resources, for example, in terms of the number of qualified personnel and financial resources to carry out their functions in accordance with the directive. Furthermore, the directive contains provisions on support and assistance to persons reporting environmental crime, environmental defenders and persons affected by such crimes.

_____

Aquest apunt en català / Esta entrada en español / Post en français

In order to improve the European Union’s cyber resilience, enabling the future adoption of European certification schemes for so-called ‘managed security services’, Member States’ representatives (Coreper) reached a common position on the proposal for a targeted amendment to the EU Cybersecurity Act (CSA) of 2019.

Managed security services, which are provided to customers by specialised companies, are essential for the prevention, detection, response, and recovery from cybersecurity incidents. They may involve, for example, incident detection or response, so-called penetration testing or security audits, or consultancy.

Presented together with a proposal for a Union cybersolidarity act to strengthen cybersecurity capabilities in the EU, the amendment addressed to the CSA aims to include European cybersecurity certification schemes for managed security services in the scope of the 2019 CSA regulation.

This amendment will therefore make it possible to establish European certification schemes for these services. It will help to increase their quality and comparability, promote the emergence of trusted cybersecurity service providers and avoid fragmentation of the internal market, as some Member States have already initiated the adoption of national certification schemes for managed security services.

The Council’s position entails the following main amendments to the Commission’s proposal:

– It clearly explains the definition of managed security services and the alignment with the revised Network and Information Systems (NIS 2) directive.

– The text aligns the security objectives of these certification schemes with the security objectives of other schemes under the current Cybersecurity Act.

– The text includes amendments to the Annex to the Cybersecurity Act, which contains a list of requirements to be met by conformity assessment bodies.

– A number of technical and editorial changes have been introduced to ensure that all relevant provisions of the current CSA regulations also apply to managed security services.

The Cybersecurity Act, which entered into force in 2019, established the first cybersecurity certification framework for all member states. Unless otherwise specified by Union or Member State legislation, the cybersecurity certification is voluntary.

The Commission’s proposal, adopted on April 18, 2023, targets a specific amendment to the scope of the Cybersecurity Act, which would allow the Commission to adopt implementing acts on European cybersecurity certification schemes for managed security services, in addition to information and technology, (ICT) products, ICT services and ICT processes, which are covered by the current Cybersecurity Act.

As complementary information for this agreement, the previous documents are attached:

Regulation amending the CSA as regards managed security services, Council negotiating mandate, 15 November, 2023

Specific modification of the CSA (CSA+), proposed by the Commission, 18 April, 2023

General Commission Information, 18 April, 2023

Revised Network and Information Systems Directive (NIS 2), 27 December, 2022

_____

Aquest apunt en català / Esta entrada en español / Post en français

The Council has adopted conclusions on digital empowerment to protect and enforce fundamental rights in the digital age.

These days, digitalisation infiltrates every facet of our society and personal lives. It is essential for this digital realm to be a space where fundamental rights are upheld, and individuals can assert their rights.

The text restates that fundamental rights are applicable both in online and offline contexts, emphasising the importance of ensuring everyone has the opportunity and support to gain essential digital skills. These skills are crucial not only for understanding and exercising rights, but also for fully benefiting from the growing array of online public and private services.

The conclusions focus on two core principles: empowering individuals and key sectors digitally, and establishing a secure digital environment that safeguards fundamental rights.

1. Digital empowerment of people and key sectors:

In the context that, according to Eurostat data, 46% of European citizens do not have sufficient basic digital skills, the Council invites Member States to take measures, such as:

• Promote adequate media and digital literacy.

• Take measures to ensure that everyone has equal access to online public services.

• Raise awareness of the importance of protecting privacy.

• Allocate funding to support education, training and skills development in digital media tailored to the needs of different groups of people.

2. Building a secure digital environment where fundamental rights are protected:

Various challenges, such as online disinformation leading to a decline in trust in institutions and media, pose threats to our digital environment. The increase in hate speech, hate crimes, and cyber violence further jeopardises our fundamental rights online.

While AI has the potential for significant positive impact, its use without adequate transparency, safeguards, and quality controls can also pose challenges in upholding fundamental rights and combating discrimination.

To establish a secure digital environment, the Council urges Member States to, among other measures, persist in combating online hate speech. This includes enhancing the capabilities of judicial and law enforcement authorities to investigate and prosecute illegal online hate crimes and hate speech.

The European Commission is also invited to combat online disinformation and illegal content by monitoring and enforcing the rules of the recently adopted Digital Services Act, and by regularly assessing the implementation of the 2022 Strengthened Code of Practice on Disinformation, as well as the Code of Conduct.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The representatives of the Member States of the Union have come to an agreement on the final component of a common European asylum and migration policy. At a meeting of the Council’s permanent representatives committee, Member States sealed their negotiating mandate on a regulation for crisis situations. This includes the instrumentalisation of migration and force majeure in the area of migration and asylum. This position must form the basis for negotiations between the presidency of the Council and the European Parliament.

Several European political representatives consider it a major step forward on a critical issue for the future of the EU. With the agreement, a better position is achieved to reach an agreement on the entire asylum and migration pact with the European Parliament later this year.

The new regulation establishes the framework that would allow Member States to address crisis situations in the field of asylum and migration by modifying certain rules, such as those regarding the registration of asylum applications or the asylum border procedure. These countries could also request solidarity and support measures from the EU and its member states.

In the case of a crisis or force majeure, Member States may be allowed to apply specific rules on asylum and the return procedure. In this regard, among other measures, the registration of applications for international protection may be completed no later than four weeks after the application is made, thus lightening the burden on overloaded national administrations.

A Member State facing a crisis situation may request solidarity contributions from other countries of the Union. These contributions may take the form of:

• Relocation of asylum seekers or international protection beneficiaries from the Member State in crisis to contributing Member States.
• Responsibility trade-offs, i.e., the supporting Member State would assume responsibility for examining asylum applications with the aim of relieving the Member State in a crisis situation.
• Financial aid or alternative solidarity measures.

In accordance with the principles of necessity and proportionality, and in full compliance with the fundamental rights of third-country nationals and stateless persons, these exceptional measures and solidarity support require the authorisation of the Council.

The regulation tackling crisis situation and force majeure in the area of migration and asylum is part of the New Pact on Migration and Asylum proposed by the European Commission on September 23, 2020. The pact encompasses a set of proposals to reform EU migration and asylum rules. In addition to the crisis regulation, the asylum and migration management regulation and the asylum procedure regulation are other baseline proposals.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Council has finally given the green light to a new EU law that will boost the exchange of digital information between national authorities and Eurojust for terrorism cases. Due to an enhanced information-sharing process on investigations and the prosecution of terrorist acts, authorities of member states and EU agencies will gain access to the most comprehensive and current data on terrorism cases.

Several European authorities have already expressed their satisfaction with the approval of this law, as it represents a qualitative leap in terms of information sharing between the member states and Eurojust, and will allow significant progress in the prosecution of terrorist crimes.

Until now, member states shared information with Eurojust on terrorism-related cases through various, not always secure, channels. In addition, the current judicial anti-terrorist registry does not allow for proper cross-checking of information.

The approved regulation should address these shortcomings and enable Eurojust to play a greater role in supporting coordination and cooperation between national authorities investigating and prosecuting terrorist offences.

Under the new rules, member states will have to provide Eurojust with information on any criminal investigations related to terrorist offences as soon as these cases are transferred to the judicial authorities. As established, the new legislation should:

Create a modern, digital case management system that stores this information and allows it to be cross-referenced.

Empower Eurojust to better detect links between transnational investigations and prosecutions in the field of terrorism and to proactively inform Member States of links found.

Create a secure digital communication channel between Member States and Eurojust.

Simplify cooperation with third countries by granting liaison prosecutors appointed at Eurojust access to the case management system.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Union is making it even more difficult for criminals to avoid the various anti-money laundering regulations using cryptocurrencies.

The European Council has adopted an update to the rules on information accompanying transfers of funds that extends the regulation’s scope of application to include crypto-asset transfers.

This ensures financial transparency of crypto-asset transfers and provides the Union with a robust framework that complies with the highest international standards on crypto-asset exchanges, so that crypto-assets are not used for criminal purposes.

Sweden’s Minister of Finance, Elisabeth Svantesson, considers the Council’s adoption of this regulation as an important step forwards in the fight against money laundering. This is bad news for those who misuse crypto-assets for their illegal activities, to avoid EU sanctions, or to finance terrorism or war.

With the adoption of these rules, crypto-asset service providers are required to collect certain information on the sender and beneficiary of asset transfers made through their services, regardless of the amount of the transaction, and to provide access to this information. This ensures the traceability of crypto-asset transfers, so they can be better detected and blocked in the case of possible suspicious transactions.

In parallel, the EU establishes a regulatory framework for crypto-assets, their issuers and their service providers. Accordingly, crypto-asset markets (MiCA) will, for the first time, have an EU-wide framework just for this sector.

The MiCA Regulation should protect investors by improving transparency and establishing a comprehensive framework for issuers and service providers, and will also ensure compliance with anti-money laundering regulations. The new regulations include issuers of consumer tokens, asset referenced tokens and the so-called stable cryptocurrencies, as well as service providers, such as trading venues and wallets where crypto-assets are stored. This regulatory framework aims to protect investors and ensure financial stability, while facilitating innovation and fostering the attractiveness of the crypto-asset sector.

Furthermore, in view of the global nature of crypto-asset markets, the regulatory framework introduces a harmonised regulatory framework in the European Union, which is an improvement over the current situation, where national legislation exists only in some member states.

The European Council adopted its negotiating mandate on the Regulation on crypto-asset markets on 24 November 2021, while the proposals on strengthening anti-money laundering and terrorist financing rules were adopted on 20 July 2021. The latter also includes the proposed creation of a new EU authority to combat money laundering.

_____

Aquest apunt en català / Esta entrada en español / Post en français