Main session 4 – Cybercrime, e-evidence and AI

Artificial intelligence (AI) is reshaping cybercrime, both in terms of the threats it enables and in the opportunities to investigate crime and collect electronic evidence. AI-powered tools allow cybercriminals to carry out more sophisticated and large-scale attacks, such as automated phishing campaigns that dynamically adapt to individual targets. On the other hand, AI is enhancing capabilities for the detection, prevention and prosecution of cybercrime and the collection of electronic evidence. Machine learning algorithms can analyse massive amounts of data to detect threats and extract evidence. The question is to what extent current domestic and international legal frameworks (including the Convention on Cybercrime) are applicable to AI in terms of (a) offences, (b) procedural powers to investigate crime and collect electronic evidence, and (c) international cooperation. In December 2024, the Cybercrime Convention Committee (T-CY), therefore, established a working group tasked to explore this question in the form of a mapping study. This session of the Octopus Conference will feed into the work of the T-CY Working Group on AI.  The purpose of this session is to:

• Exchange views on underlying concepts regarding AI, cybercrime and e-evidence
• Provide an update – with examples – of offences committed against, by and by means of AI systems
• Identify legal and practical challenges to the use of AI for the collection of e-evidence and international cooperation.

Questions for discussion:

• What are the typical offences committed against, by and by means of AI systems and how legislators should adapt to these trends?
• AI-driven offences may expose gaps in current laws, how can we create adaptive legislation without restricting innovation? Can the offences of the Convention on Cybercrime be applied?
• Criminal law may have difficulties resolving the questions related to intent, liability and negligence in AI-related crimes, should we rethink traditional legal principles? 
• How to gather electronic evidence in relation to AI crimes and cooperate with AI service providers. How can the Convention on Cybercrime be applied
• How can we ensure that the AI tools used by the criminal justice authorities are applied in accordance with human rights and rule of law conditions and safeguards, rules on territoriality and jurisdiction and maintaining the chain of custody?
• How can targeted capacity-building initiatives empower law enforcement, judicial authorities, and policymakers to stay ahead of cybercriminals while ensuring legal and ethical compliance?