Clifford Chance

A new Guidance Note from the Cybercrime Convention Committee ("T-CY") clarifies how authorities can share information across borders without prior request, expanding opportunities for effective international criminal investigations.

The Legal Framework

The Budapest Convention on Cybercrime (the "Convention"), established by the Council of Europe in 2001, stands as the primary international instrument for addressing cybercrime and the collection of electronic evidence. It sets out a comprehensive framework for cooperation among its Parties, supporting the effective prevention, investigation, and prosecution of offences involving computer systems and data.

The T-CY, responsible for guiding the implementation and interpretation of the Convention, has recently issued Guidance Note #14, dated 25 June 2025 (the "Guidance Note") [link: https://rm.coe.int/t-cy-2025-3-en-guidancenote-art-26-v36-adopted/1680b68b7a], which addresses the concept of 'spontaneous information' under Article 26 of the Convention. The Guidance Note provides clarity on how authorities may proactively share relevant information with their corresponding authorities in other States, even in the absence of a prior formal request.

Key Points from Guidance Note

1. What is 'Spontaneous Information Sharing'?

Article 26 allows a Party to forward information obtained during its own investigations to another Party if it believes that such information could assist the recipient in initiating or conducting investigations or proceedings, even in the absence of a formal request. The transmission is discretionary and must comply with domestic law and fundamental rights safeguards.

2. Nature and Scope of Information

The term 'information' is interpreted broadly, encompassing computer data, investigative reports, bank account details, IP addresses, communication content, and more.

There are no strict limitations on the type of offence to which spontaneous information sharing may apply: it can relate to any crime where cooperation may be beneficial. Pursuant to Article 23 of the Convention, which sets out the general principles of international cooperation, this mechanism extends not only to offences involving computer systems and data, but also to any situation where electronic evidence is relevant

In practice, authorities can share information that might help another State start or advance an investigation, prevent a crime, or even prompt a formal request for mutual legal assistance. The decision to share is based on relevance, and the receiving State has the discretion to determine how to use the information, provided it respects any conditions set by the sender.

3. Competent Authorities and Channels

Article 26 leaves it to each Party to determine which authorities are competent to transmit information (e.g., police, prosecutors, judges) and which channels to use. These may include central or direct contacts, as well as international networks such as INTERPOL, EUROPOL, or the 24/7 network established by the Convention.

4. Conditions and Limitations

The providing Party is entitled to impose specific conditions on the use of the information transmitted, which may include requirements of confidentiality, restrictions on further dissemination, or limitations regarding its admissibility as evidence. Should the receiving Party be unable to comply with any such conditions, it is obliged to notify the provider accordingly, whereupon the provider shall determine whether the transmission should proceed.

Whether the information can be used as evidence depends on both the receiving Party's domestic law and any conditions set by the provider. To facilitate the process and avoid procedural issues, the Guidance Note recommends that Parties engage in prior consultation concerning how the information will be shared and its intended use. If the receiving Party's law requires a formal mutual legal assistance request to use the information as evidence, the provider should not decline to comply with such a request solely on the basis that the information was previously shared spontaneously. For the sake of clarity and procedural efficiency, particularly where a subsequent formal request is anticipated, the Guidance Note further recommends that Parties maintain precise records of the information transmitted (for example, by utilising zipped files and hash values), thereby ensuring that identical data can be readily supplied in response to any future requests.

5. Consultation and Follow-up

The Guidance Note encourages consultation between Parties both before and after the transmission of information, especially to clarify conditions of use or to provide updates on the outcome of investigations. This practice enhances cooperation and transparency.

6. Case Studies

The Guidance Note provides real-world scenarios where spontaneous information sharing can be crucial, such as investigations into ransomware attacks, transnational computer-related fraud, etc.

Implications for Legal Practice

The mechanism established by Article 26 of the Convention, as further clarified by the Guidance Note, is of particular significance for practitioners engaged in cross-border investigations involving electronic evidence. It enables competent authorities to share information on a spontaneous basis, without the necessity of a prior formal request, thereby expediting and enhancing international cooperation, particularly in urgent matters or cases involving the dark web or substantial volumes of data. This is especially significant in the context of cyber-enabled financial crime.

Criminal practitioners may strategically leverage Article 26 by advising clients about the potential for rapid information exchange, negotiating or challenging conditions imposed on the use of shared information (such as confidentiality or evidentiary restrictions), liaising with authorities to maximize the evidentiary value of such information while mitigating procedural complexities, and facilitating the submission of a formal mutual legal assistance request where necessary to regularize evidence for use in proceedings.

As international cooperation in cybercrime investigations becomes increasingly complex, the ability to respond swiftly and effectively to cross-border challenges will be a defining feature of successful legal practice. By remaining attentive to evolving frameworks such as the Budapest Convention and its Protocols, legal professionals can ensure they are well-positioned to protect their clients’ interests and enhance cross-border criminal defence or prosecution strategies.