Status regarding Budapest ConventionStatus : Party See legal profile
Armenia currently has no dedicated strategy or action plan on cybercrime. However, as of 2022 the work is ongoing through collaborative effort of several Government entities to develop a comprehensive Cybersecurity Strategy that will contain cybercrime policies.
In absence of a formal cybersecurity strategy, the National Security Service is responsible for cybersecurity policy and the protection of government websites and networks. Furthermore, a concept for an Information Security Strategy was developed in 2009, which outlines certain activities to be implemented. The Digitalization Strategy of Armenia has been adopted in February 2021 and includes certain measures regarding cybersecurity activities and laws in the area of cybersecurity and data protection.
State of cybercrime legislation
Armenia has initiated comprehensive reform of its criminal procedure legislation several years ago (the start of formal process dating back to 2009). Armenia has adopted new Criminal Code (Armenian) and the Code of Criminal Procedure (Armenian) in summer 2021, which came into force on January 2022.
In terms of substantive law, the 2003 Criminal Code of Armenia contains elements of all substantive law offences provided by the Budapest Convention (BC):
- Articles 2-6 of the BC (c-i-a offences) are fully implemented;
- General definitions of forgery and fraud are also provided, however with no specific computer data elements referenced (corresponding Articles 7-8 BC);
- There is a lack of necessary definitions of child pornography offences (Art. 9 BC);
- General provision is also used for Intellectual Property Rights offences (Art. 10 BC);
- Criminal Procedure Code also contains concepts of attempt, aiding and abetting implemented (Art. 11 BC).
No corporate liability provisions are included (Art. 12 BCC).
The 1999 Criminal Procedure Code does not implement procedural powers in compliance with the Budapest Convention.
The notions of electronic evidence for the purpose of criminal proceedings, as well as important definitions of subscriber information, traffic data and content data, as required by the Convention, are not implemented as a part of general definitions of the criminal procedure or related legislation.
Armenia so far has not implemented provisions on expedited preservation of stored computer data (Article 16 BC) and expedited preservation and partial disclosure of traffic data (Article 17 BC) as standalone measures in its procedural legislation. In the context of compliance with international requests for preservation received and processed by the authorities, search and seizure is the option used as an alternative.
There are also no specific provisions in domestic legislation with the scope and purpose corresponding to Article 18 of BC (production orders). Instead, it is argued that search and seizure is the default measure used to obtain stored computer data in a person’s possession or control.
In terms of search and seizure of stored computer data (Article 19 of BC), there are no provisions in the procedural legislation which would provide for a specific, computer-related search and seizure measures. Therefore, traditional powers of search and seizure of tangible objects are used to give effect to Article 19. A general requirement justifying application of the search measure is that there are “sufficient grounds to suspect that in some premises or in some other place or in possession of some person, there are instruments of crime, articles and valuables acquired by criminal way, as well as other items or documents, which can be significant for the case” (Code of Criminal Procedure, Article 225); the term “document” is interpreted broadly enough to cover computer data. From the formal viewpoint, search is executed based on a court order (Article 225, par. 3).
Implementation of special provisions in the context of search and seizure provided by Article 19 of BC (search of a connected system; making and retaining a copy of those computer data; maintaining the integrity of the relevant stored computer data; rendering inaccessible or removing those computer data in the accessed computer system) is not found in the procedural legislation of Armenia.
In Armenian legislation, no distinction is made between the real-time collection of traffic data and interception of content data (Articles 20, 21 of BC). The same set of legal rules, conditions and safeguards is used in relation to both measures. The Code of Criminal Procedure (Articles 239, 241) provides for general legal conditions for the execution of these measures, while the Law on Operative-Detective Activity (2007) defines, in its Article 26, general measure of wiretapping, also applicable to computer data. Under this Article, it is possible to collect certain categories of data which qualify as traffic data in the terms of Convention using general wiretapping procedure.
In terms of horizontally applicable conditions and safeguards (Article 15 of BC), most of the elements limiting and controlling the application of more intrusive measures (search and seizure, real-time collection of traffic data and content interception) are present - such as existence of criminal investigation, judicial order, limitation as to gravity of offences and other conditions.
Related laws and regulations
On 23 November 2015 the Investigative Committee signed a Memorandum of Understanding with Armenian Internet service providers, such as ArmenTel, K-Telecom, UCom, Orange Armenia, with the intention of reducing workload and saving human resources. The main goals of the Memorandum are to undertake effective joint measures in the direction of operative transmission of court decisions and transcripts, and to develop cooperation on introduction of technical capabilities. Within this framework, parties agreed to communicate in a standardized manner (including cover letters, electronic signatures) and agreed to cooperate in solving issues as soon as possible in case of such procedures. Furthermore, the providers agreed to process electronic transmissions from the Investigative Committee within a short period of time and to execute expeditiously court decisions which are designated as “urgent”. A second objective of the Memorandum is to ensure that Internet Access Providers retain traffic data of their users for a set period.
Legislation and regulations
Criminal Code of the Republic of Armenia (2003) (unofficial translation)
Criminal Procedure Code of the Republic of Armenia (1998, amended 2016) (unofficial translation)
Criminal Code of the Republic of Armenia (06 Jan. 2022) (Armenian)
Criminal Procedure Code of the Republic of Armenia (2021) (Armenian)
Law on operative-search activities (2007)
Law on Population Protection in Emergency Situations (1998) (unofficial translation)
- Division for Combating High-Tech Crime under the General Department of Criminal Police of the Republic of Armenia is a centralized unit which is dedicated to handle cybercrime with country-wide competency. The police have 10 days to determine the fundamental facts and the legal basis for the investigation itself and then deciding to either close the matter, send the case to local police where evidence or a perpetrator is located, or transfer the matter to the Investigative Committee. Thus, the Division is the primary police unit handling cybercrime cases at the preliminary stage (before an official investigation is opened by the Investigative Committee) and providing support to local units. There are 8 officers employed at the Division for Combating High-Tech Crime under the General Department of Criminal Police. There are no specialized local units; where necessary, additional resources of the Organized Crime Department are used (either at the local offices or the headquarters). The Division is competent to investigate offences committed against computer systems such as hacking, attacks on the critical infrastructure, illegal interception and data interference. The Division is also competent to deal with offences involving technology such as computer related fraud, Internet crimes, offences involving the abuse of children, intellectual property offences as well as racism and xenophobia.
- Investigative Committee of the Republic of Armenia - since the reform of the criminal procedure in 2011, 95% of the criminal cases in Armenia are investigated by Investigative Committee, the remaining cases being handled by specialized units for tax and customs fraud or investigations into public officials. The Committee has 6 investigators on staff dedicated to cybercrime cases. The investigator files the criminal case with the prosecutor and leads the investigative procedure. The Committee does not dispose of a computer forensics laboratory but instead makes use of external expertise for the analysis of electronic evidence.
- National Bureau of Expert Evaluation – it is a state non-profit organization of the National Academy of Sciences of the Republic of Armenia, that provides expert evaluation assigned by criminal prosecution and justice administration authorities.
- Financial Monitoring Center (FMC) was established in 2005 as a separate unit in the structure of the Central Bank of Armenia. The FMC is an administrative-type financial intelligence unit, which acts as an intermediary between reporting entities and law enforcement authorities. The mission of the FMC is to combat money laundering and terrorism financing (AML/CFT). The main function of the FMC is to collect, analyze and exchange information for AML/CFT purposes. In addition, the FMC represents the Republic of Armenia in several international organizations and structures, while actively participating in international AML/CFT initiatives.
- CERT-AM is the Armenian national Computer Emergency Response Team (CERT). CERT AM collects and analyzes computer incident cases (i.e. attempts or facts of violation of local rules and policies or rules globally accepted by Internet community on using computer resources), concerning network resources located in Armenia as well as responses to them with the aim of preventing, stopping and collecting evidences about an incident. CERT AM also serves as a contact point for users who needs an assistance in dealing with ISPs and Armenian official bodies which are in charge for investigating computer crime cases.
Competent authorities and channels
- The Division for Combating High-Tech Crime under the General Department of Criminal Police of the Republic of Armenia, processes requests for police-to-police cooperation under the Budapest Convention and the G7 networks on 24/7 contact points. It processes only operative and intelligence information (cannot be used as evidence in criminal proceedings) and does not receive and process mutual legal assistance (MLA) requests. Information received through the 24/7 point of contact is forwarded to competent investigative authorities; if the specific investigative action is required, referral is done through the Prosecutor’s Office. Technical assistance and support and advice can be provided by the 24/7 point of contact.
- If the request requires investigative actions, it is sent back with indication that an MLA process is required; while where request generally concerns content data, then, irrespective of the nature of request, it is refused with an indication that other channels must be used.
- At the stage of pre-trial investigation, the competent authority for MLA is the Department for International Legal Cooperation at the Prosecutor General’s Office. Prerequisite for request at this stage is the Red Notice / Diffusion Notice (circulated by Interpol). Reciprocity is also a prerequisite – written confirmation from the requesting state is necessary.
- At the trial stage, the Ministry of Justice (Department for International Legal Cooperation) oversees the MLA process. A prerequisite for the request is the Red Notice by Interpol / Diffusion Notice (attached to request). Request according to the European Convention on Extradition of 1957 should be supported by documents noted in Article 12 of BC. In general, an indication of clear legal basis for the request is necessary; otherwise, reciprocity is a prerequisite – in the form of express written assurance of reciprocity from the requesting State.
- In the absence of treaties and based on reciprocity, the Ministry of Foreign Affairs (Consular Department) is the channel through which the request is received. The Ministry of Justice is the consenting body for reciprocity. The request must include assurances of reciprocity. Only the official written request needs to go through the Ministry of Foreign Affairs.
- For outgoing requests, at the pre-trial stage the General Prosecutor’s Office receives communications from investigative agencies and, if there is no specific treaty basis to continue otherwise, the request is translated and sent to the Ministry of Foreign Affairs for processing via diplomatic channels. The process is the same for trial stage and is performed via the Ministry of Justice.
Sources and links
- Armenia police warn of growing cybercrime rate (12 June 2018), Stepan Kocharyan, Armenpress;
- Armenia and Europol sign agreement to combat cross-border serious organised crime (18 Nov 2021), EUROPOL
Reports and research
- Armenia: Freedom on the Net 2020 Country Report (2021), Freedom House
Databases and institutions
National Assembly of the Republic of Armenia
- Central Office of Police of the Republic of Armenia
- Investigative Committee of the Republic of Armenia
- Armenia National Cyber Security Index
- UNIDIR Cyber Policy Portal
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.