Cybercrime

Cybercrime consists of criminal acts committed online by using electronic communications networks and information systems. The EU has implemented laws and supports operational cooperation through non-legislative actions and funding.

Cybercrime is a borderless issue that can be classified in three broad definitions:

crimes specific to the internet, such as attacks against information systems or phishing (e.g. fake bank websites to solicit passwords enabling access to victims' bank accounts)
online fraud and forgery: large-scale fraud can be committed online through instruments such as identity theft, phishing, spam and malicious code
illegal online content, including child sexual abuse material, incitement to racial hatred, incitement to terrorist acts and glorification of violence, terrorism, racism and xenophobia

Many types of crime, including terrorism, trafficking in human beings, child sexual abuse and drugs trafficking, have moved online or are facilitated online. As a consequence, most criminal investigations have a digital component.

EU laws and actions aim to:

improve the prevention, investigation and prosecution of cybercrime and child sexual exploitation
build capacity in law enforcement and the judiciary
work with industry to empower and protect citizens

EU law on cybercrime

EU rules on cybercrime correspond to and build on different provisions of the Council of Europe Convention on Cybercrime.

2020
Proposal for Interim Regulation on the processing of personal and other data for the purpose of combatting child sexual abuse
2019
Directive on non-cash payment fraud
The directive updates the legal framework, removing obstacles to operational cooperation and enhancing prevention and victims’ assistance, to make law enforcement action against fraud and counterfeiting of non-cash means of payment more effective.
2018
Proposals for Regulation and Directive facilitating cross-border access to electronic evidence for criminal investigations
2013
Directive on attacks against information systems
The directive aims to tackle large-scale cyber-attacks by requiring EU countries to strengthen national cyber-crime laws and introduce tougher criminal sanctions.
2011
Directive on combating the sexual exploitation of children online and child pornography
The directive includes measures that better address new developments in the online environment, such as grooming (offenders posing as children to lure minors for the purpose of sexual abuse).

The European Cybercrime Centre

Established by the European Commission in 2012, the European Cybercrime Centre at Europol, acts as the focal point in the fight against cybercrime in the EU, pooling European cybercrime expertise to support Member States' cybercrime investigations and providing a collective voice of European cybercrime investigators across law enforcement and the judiciary.

The Commission ensures alignment of the European Cybercrime Centre's work with the EU cybercrime policy, ensuring that the Centre has sufficient resources.

Examples of successful operations

EMPACT

EMPACT (European Multidisciplinary Platform Against Criminal Threats) is a security initiative driven by EU Member States to identify, prioritise and address threats posed by organised and serious international crime. EMPACT runs in four-year cycles. Cyber Attacks, Online Fraud Schemes and Child Sexual Exploitation are priorities under the cycle 2026-2029. It is a multidisciplinary cooperation platform of Member States, supported by all EU institutions, bodies and agencies. Third countries, international organisations, and other public and private partners are also associated.

E-evidence

Crime leaves digital traces that can serve as evidence in court proceedings. That is why effective and common EU mechanisms to obtain digital evidence should be established.

visual displaying people working in front of screens

International cooperation against cybercrime

Find out more about the international cooperation against cybercrime