Second Additional Protocol to the Cybercrime Convention on enhanced co-operation and disclosure of electronic evidence (CETS No. 224) 

Official text and translations

  Treaty Office: English Second Additional Protocol

  Treaty Office: French Second Additional Protocol

  Treaty Office: Official and non-official languages

Council of Europe Publications

 PDF Booklets (Convention, Protocols and Guidance notes ) EN / FR / ES / PT / ARA

 Special edition of the Second Additional Protocol  

While cybercrime is proliferating and the complexity of obtaining electronic evidence that may be stored in foreign, multiple, shifting or unknown jurisdictions is increasing, the powers of law enforcement are limited by territorial boundaries. As a result, only a very small share of cybercrime that is reported to criminal justice authorities is leading to prosecutions or court decisions.

The Protocol responds to this challenge and provides tools for enhanced co-operation and disclosure of electronic evidence - such as direct cooperation with service providers and registrars, effective means to obtain subscriber information and traffic data, immediate co-operation in emergencies or joint investigations - that are subject to a system of human rights and rule of law, including data protection safeguards.

What is the Second additional Protocol?

 

  • Watch the video in FR or  ES

Tools of the Second Additional Protocol

  • Direct requests to registrars in other jurisdictions to obtain domain name registration information
  • Direct co-operation with service providers in other jurisdictions to obtain subscriber information
  • More effective means to obtain subscriber information and traffic data through government-to-government co-operation
  • Expeditious co-operation in emergency situations
  • Joint investigation teams and joint investigations
  • Video conferencing
  • A strong system of human rights and rule of law safeguards, including for the protection of personal data
lATEST NEWS

Back CyberSPEX: Third Steering Committee meeting in support of the implementation of the Second Additional Protocol

CyberSPEX: Third Steering Committee meeting in support of the implementation of the Second Additional Protocol

The CyberSPEX project, a joint initiative of the European Union and the Council of Europe, held its Third Steering Committee meeting in Sarajevo, on 9 December 2025. The meeting was organised back-to-back with the Second Protocol Workshop for EU member states and South-East European countries and Türkiye.

The event brought together representatives from EU member states, EU institutions and partner initiatives to review progress in the implementation of the Second Additional Protocol (2AP) to the Convention on Cybercrime (Budapest Convention) in the project countries. Moreover, it highlighted the project’s strong engagement through the Regional meetings and in-country events. Major events organised by CyberSPEX like the EUROJUST/CoE co-branded workshop and the 2nd T-CY consultation with service providers and the industry were marked as important venues for the exchange of knowledge and opinion. Participants discussed achievements and challenges in aligning domestic legislation with the Protocol and shared updates on the national implementation efforts.

The Steering Committee also examined ongoing project activities and endorsed priorities for the December 2025 – June 2026 workplan, including tailored capacity-building support, development of guidance tools, and cooperation with EU-funded initiatives such as SIRIUS.

CyberSPEX will continue to support EU member states in strengthening cross-border cooperation on electronic evidence, while ensuring compliance with human rights, the rule of law and data protection safeguards.

Cybercrime Convention (Budapest Convention)

Second Additional Protocol to the Convention on Cybercrime, on enhanced co-operation and disclosure of electronic evidence

Explanatory Report to the Second Additional Protocol to the Convention on Cybercrime

Cybercrime Programme Office (C-PROC)

CyberSPEX Project

Sarajevo, Bosnia and Herzegovina 9 December 2025
  • Diminuer la taille du texte
  • Augmenter la taille du texte
  • Imprimer la page
In brief

52

signatories in total*

4

countries have ratified the Protocol (out of the 52 signatories)*

See the full list on the Treaty Office webpage

timeline

15 April 2026

Costa Rica became the fourth state to ratify the Second Additional Protocol to the Convention on Cybercrime

5 February 2026

Hungary became the third state to ratify the Second Additional Protocol to the Convention on Cybercrime - Cybercrime

14 November 2025

Bosnia and Herzegovina became the 52nd State to sign the Second Additional Protocol to Convention on Cybercrime - Cybercrime

9 July 2025

Norway becomes the 51st State to sign the Second Additional Protocol

5 June 2025

Fiji signs the Second Additional Protocol (becoming the 50th State)

 27 March 2025

Latvia becomes the 49th State to sign the Second Additional Protocol

12 December 2024

Peru becomes the 48th State to sign the Second Additional Protocol

24 September 2024

Paraguay becomes the 47th State to sign the Second Additional Protocol

20 June 2024

 Czechia and Sierra Leone become the 45th and 46th States to sign the Second Additional Protocol

17 June 2024

 Georgia becomes the 44th State to sign the Second Additional Protocol

16 November 2023

 Armenia becomes the 43th State to sign the Second Additional Protocol

28 June 2023

 Hungary, Cabo Verde and Ghana become 40th, 41rst and 42nd states to sign the Second Additional Protocol

22 June 2023

 Malta becomes the 39th State to sign the Second Additional Protocol

20 June 2023

 Canada becomes the 38th State to sign the Second Additional Protocol

31 May 2023

 Mauritius becomes the 37th State to sign the Second Additional Protocol

27 February 2023

Albania becomes the 36th State to sign the Second Additional Protocol

16 February 2023

Argentina becomes the 35th State to sign the Second Additional Protocol

30 January 2023

The Dominican Republic becomes the 34th State to sign the Second Additional Protocol

 27 January 2023

France and Germany become the 32nd and 33rd signatories

 20 January 2023

Greece becomes the 31rst signatory

 30 November 2022
 6 Parties sign the Second additional Protocol [Croatia, Moldova, Slovenia, Sri Lanka, Ukraine and the United Kingdom]

 13 June 2022
Costa Rica becomes 24th signatory

20 May 2022
Andorra becomes 23rd signatory

12 May 2022
 22 Parties sign the Second additional Protocol at the opening for signature conference [Austria, Belgium, Bulgaria, Chile, Colombia, Estonia, Finland, Iceland, Italy, Japan, Lithuania, Luxembourg, Montenegro, Morocco, Netherlands, North Macedonia, Portugal, Romania, Serbia, Spain, Sweden and the United States of America]

 17 November 2021
 The Second additional Protocol is adopted by the Committee of Ministers

 
#cyber2AP

Opening for signature, 12 May 2022

Watch the videos of the event, scroll through the photo gallery and read all of our resources from panel members on the event page