Second Additional Protocol to the Cybercrime Convention on enhanced co-operation and disclosure of electronic evidence (CETS No. 224) 

Official text and translations

  Treaty Office: English Second Additional Protocol

  Treaty Office: French Second Additional Protocol

  Treaty Office: Official and non-official languages

Council of Europe Publications

 PDF Booklets (Convention, Protocols and Guidance notes ) EN / FR / ES / PT / ARA

 Special edition of the Second Additional Protocol  

While cybercrime is proliferating and the complexity of obtaining electronic evidence that may be stored in foreign, multiple, shifting or unknown jurisdictions is increasing, the powers of law enforcement are limited by territorial boundaries. As a result, only a very small share of cybercrime that is reported to criminal justice authorities is leading to prosecutions or court decisions.

The Protocol responds to this challenge and provides tools for enhanced co-operation and disclosure of electronic evidence - such as direct cooperation with service providers and registrars, effective means to obtain subscriber information and traffic data, immediate co-operation in emergencies or joint investigations - that are subject to a system of human rights and rule of law, including data protection safeguards.

What is the Second additional Protocol?

 

  • Watch the video in FR or  ES

Tools of the Second Additional Protocol

  • Direct requests to registrars in other jurisdictions to obtain domain name registration information
  • Direct co-operation with service providers in other jurisdictions to obtain subscriber information
  • More effective means to obtain subscriber information and traffic data through government-to-government co-operation
  • Expeditious co-operation in emergency situations
  • Joint investigation teams and joint investigations
  • Video conferencing
  • A strong system of human rights and rule of law safeguards, including for the protection of personal data
lATEST NEWS

Back CyberSEE and CyberSPEX: International workshop on the implementation of the Second Additional Protocol to the Convention on Cybercrime (Budapest Convention)

CyberSEE and CyberSPEX: International workshop on the implementation of the Second Additional Protocol to the Convention on Cybercrime (Budapest Convention)

The CyberSEE and  CyberSPEX joint projects of the European Union and the Council of Europe teamed up and organised the International workshop on the implementation of the Second Additional Protocol (2AP) to the Convention on Cybercrime (Budapest Convention) on 10-11 December 2025, in Sarajevo, Bosnia and Herzegovina.

By gathering legislators, advisors, and practitioners from the judiciary and law enforcement from EU member states, South-East Europe and Türkiye, the workshop provided a technical platform to examine the requirements and challenges posed by the implementation of the Protocol.

At the same time, the workshop addressed potential solutions for domestic challenges in implementing the instrument and its interaction with the EU e-Evidence package and other legal treaties. Participants enhanced their knowledge of the Second Protocol implementation processes, identified legislative requirements, exchanged good practices, and identified counterparts for further support, while reaffirming the need for strengthened interagency cooperation, enhanced peer exchange and sustained technical assistance.

The national progress made in the implementation of the Second Protocol by Albania, Bosnia and Herzegovina, Italy, Montenegro, North Macedonia and Slovenia generated active discussions on the use of definitions, the appointment of authorities, data protection requirements and the interaction with other EU instruments like EU e-Evidence package, NIS2 directive and EU GDPR.

Experience in cooperation with service providers and in emergency situations were shared by Belgium, Bosnia and Herzegovina, Kosovo*, Latvia, Serbia and Türkiye by presenting concrete cases. The discussions highlighted the current procedures and supported the view on the benefits provided by the Second Protocol on getting access to data from across jurisdictions.  

The Cybercrime Programme Office, through its projects, plays a major role in strengthening the response to cybercrime and electronic evidence by providing policy support, specialised technical assistance and sustained institutional capacity development, in line with international standards.

 Cybercrime Programme Office (C-PROC)

 CyberSEE Project

 CyberSPEX Project

 Convention on Cybercrime (Budapest Convention)

Second Additional Protocol

SARAJEVO, BOSNIA AND HERZEGOVINA 10-11 DECEMBER 2025
  • Diminuer la taille du texte
  • Augmenter la taille du texte
  • Imprimer la page
In brief

52

signatories in total*

4

countries have ratified the Protocol (out of the 52 signatories)*

See the full list on the Treaty Office webpage

timeline

15 April 2026

Costa Rica became the fourth state to ratify the Second Additional Protocol to the Convention on Cybercrime

5 February 2026

Hungary became the third state to ratify the Second Additional Protocol to the Convention on Cybercrime - Cybercrime

14 November 2025

Bosnia and Herzegovina became the 52nd State to sign the Second Additional Protocol to Convention on Cybercrime - Cybercrime

9 July 2025

Norway becomes the 51st State to sign the Second Additional Protocol

5 June 2025

Fiji signs the Second Additional Protocol (becoming the 50th State)

 27 March 2025

Latvia becomes the 49th State to sign the Second Additional Protocol

12 December 2024

Peru becomes the 48th State to sign the Second Additional Protocol

24 September 2024

Paraguay becomes the 47th State to sign the Second Additional Protocol

20 June 2024

 Czechia and Sierra Leone become the 45th and 46th States to sign the Second Additional Protocol

17 June 2024

 Georgia becomes the 44th State to sign the Second Additional Protocol

16 November 2023

 Armenia becomes the 43th State to sign the Second Additional Protocol

28 June 2023

 Hungary, Cabo Verde and Ghana become 40th, 41rst and 42nd states to sign the Second Additional Protocol

22 June 2023

 Malta becomes the 39th State to sign the Second Additional Protocol

20 June 2023

 Canada becomes the 38th State to sign the Second Additional Protocol

31 May 2023

 Mauritius becomes the 37th State to sign the Second Additional Protocol

27 February 2023

Albania becomes the 36th State to sign the Second Additional Protocol

16 February 2023

Argentina becomes the 35th State to sign the Second Additional Protocol

30 January 2023

The Dominican Republic becomes the 34th State to sign the Second Additional Protocol

 27 January 2023

France and Germany become the 32nd and 33rd signatories

 20 January 2023

Greece becomes the 31rst signatory

 30 November 2022
 6 Parties sign the Second additional Protocol [Croatia, Moldova, Slovenia, Sri Lanka, Ukraine and the United Kingdom]

 13 June 2022
Costa Rica becomes 24th signatory

20 May 2022
Andorra becomes 23rd signatory

12 May 2022
 22 Parties sign the Second additional Protocol at the opening for signature conference [Austria, Belgium, Bulgaria, Chile, Colombia, Estonia, Finland, Iceland, Italy, Japan, Lithuania, Luxembourg, Montenegro, Morocco, Netherlands, North Macedonia, Portugal, Romania, Serbia, Spain, Sweden and the United States of America]

 17 November 2021
 The Second additional Protocol is adopted by the Committee of Ministers

 
#cyber2AP

Opening for signature, 12 May 2022

Watch the videos of the event, scroll through the photo gallery and read all of our resources from panel members on the event page