Back Ecuador

    Status regarding Budapest Convention

Status regarding Budapest Convention

Status : NA See legal profile

Cybercrime policies/strategies

The government of Ecuador has adopted the National Plan for Electronic Governance 2018 – 2021. This document provides an assessment of Ecuador’s current situation and a comprehensive plan for setting up e-government services. As of June 2022, a National Cybersecurity Strategy was being prepared by the Ecuadorian Government.

Specialised institutions

  • Unidad De Investigación De Delitos Tecnológicos: This department is part of the Judicial Police is divided in seven sections: (1) Electronic Fraud; (2) Intellectual Property; (3) ICT Networks; (4) Child Pornography; (5) Digital Content Analysis; (6) Surveillance & Web Tracking; (7) Cyber Security Emergency Response. The unit’s main objectives are: (a) implement digital investigations; (b) alert the Prosecutor Office about the commission of an ICT-based alleged crime; (c) identify new criminal modalities in the digital field; (d) promote international police cooperation through the development of investigative strategies aimed at combating the criminal phenomenon in cyberspace.

  • EcuCERT (set up in 2014): This office is part of the Agencia de Regulacion y Control de las Telecomunicaciones / ARCOTEL (Telecommunications Regulation and Control Agency) acting within the scope of application of the Organic Telecommunications Law/ Ley Orgánica de Telecomunicaciones. It is tasked with protecting the security of country’s telecommunications networks and of the Internet network. To accomplish its mandate it also cooperates with other CSIRT teams inside and outside Ecuador. Its target community is: ARCOTEL, telecommunication service providers, public and private sector institutions that request their services.

Jurisprudence/case law

The following are cases that reached the highest ordinary court of justice in Ecuador – Corte Nacional de Justicia / the National Court of Justice (NCJ). Full case details can be found here, searching by case number:

Online Child Exploitation: Case on COIP Art. 173 Contacto con finalidad sexual con menores de dieciocho años por medios electrónicos

  • Case 26850 (judgement 17721-2016-0592): a 15 years old girl was caught by her mother on 11 February 2015 receiving love/sexual messages requesting physical interaction on WhatsApp since December 2014 from the defendant Jean Damien Paúl Toulouse. The court of 1st instance found the defendant guilty under Art. 173 of COIP and sentenced him to four years in prison and a fine. The defendant appealed, but the court of 2nd instance (Provincial Court of Justice of Pichincha) upheld the ruling of the lower court on 22 March 2016. The defendant further appealed to the National Court of Justice arguing that the law (in this case the COIP) cannot be applied retroactively – i.e. messages were sent in 2011 when the victim was 12 years old, and requested the cassation of the previous rulings of guilt. The prosecution pointed out that while the online relationship indeed started when the victim was 12 years old (i.e. in 2011), it was discovered and was still happening after the COIP went in force (Aug. 2014). Therefore, the issues at hand were: nullum crimen sine lege and continued crime. The NCJ upheld the lower courts’ decisions arguing that the defendant did not demonstrate that the previous rulings constitute a violation of the law.

Computer-Related Fraud: cases on COIP Art. 190 - Apropiación fraudulenta por medios electrónicos

  • Case 38623 (judgement 0634-2015): in August 2010, Mr. Juan Gabriel Carranco Romo used a stolen debit card to withdraw USD600 from an ATM. In November 2014, Mr. Romo was found guilty of illegal appropriation based on Articles 553.1 and 552.2 of the Penal Code (i.e. the precursor to the 2014 COIP), and sentenced to the maximum penalty of 5 years prison sentence, a penalty fine of USD1,000, and a fine for damages of USD3,000. Both the accused and the victim appealed the decision of the lower court. The Provincial Court of Justice dismissed the defendant’s appeal, but accepted that of the victim’s and increased the fine for damages to USD9,000. Both the accused and the victim appealed to the NCJ. The defendant’s appeal argued that the wrong articles and code (Art. 553.1 and 552.2 of the Penal Code) instead of Article 190 of COIP (fraudulent appropriation by electronic means) were applied to charge and sentence the defendant. The victim countered by arguing the defendant had been charged with the correct crime based on the legislation in force at the time of the commission of the crime (i.e. the Penal Code; the COIP came in force in February 2014). The National Court of Justice dismissed the victim’s appeal for want of legal grounds, but accepted the accused’s appeal and agreed that Article 190 of COIP applied. Thus, the defendant’s sentence was commuted to one year in prison as per Article 190 of COIP.
  • Case 27081 (judgement 17721-2016-0586): the defendant, Mr. Morales, worked for a company in charge of maintaining ATMs for various banking institutions, including Banco del Pichincha from 2007-2013. From 13-15 Oct. 2012 users of this bank reported that money had been stolen from their accounts via ATM transactions. A computer expert testified that the ATMs were compromised in multiple ways through the connection of external hard-drives (e.g. changes to/disabling of the antivirus software; the introduction of software that recorded inputs into the system – e.g. passwords, email addresses) allowing for remote access with cloned ATM cards. The prosecution also established through records and eye-witness testimonies that the only person that performed maintenance on the two ATMs for which damages were decided by the court had been the defendant.

The decision of the court of first instance (5 Oct. 2015) which exonerated the defendant, was reversed on appeal by the Provincial Court of Justice (17 Feb. 2016), who found him guilty under the first unnumbered Article 553 - apropiación ilícita/ unlawful appropriation of the Penal Code (pre-COIP), and sentenced him to 6 months in prison, USD1,000 fine and compensatory damages of USD20,196. The defendant challenged the prosecutorial appeal to the Provincial Court (court of 2nd instance) by arguing, among other issues, that it missed to provide an assessment whether the acts addressed by Art. 553 of the Penal Code were still criminalized in the COIP (which was in force at the time), as the first transitory provisions of the latter require. It also challenged that the defendant could have done the facts alleged by the prosecution, as it was proved that he only did maintenance to two ATMs out of the eighteen that were reported to have been illegally accessed.

National Court of Justice denied the appeal of the defendant on both grounds, pointing out, among other arguments, that the acts of the first unnumbered Art. 553 of the Penal Code have been fully captured by Art. 190 of the COIP and the prosecution had demonstrated the defendant is the party responsible for the acts leading to the illegal ATM access and subsequent client and bank financial loses.

Sources and links

Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 


  Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?

  Share this information with us helping to keep this platform up to date.

Useful links