Cybercrime policies/strategies
In January 2016 the Government of the Republic of Kosovo*, adopted the National Cyber Security Strategy and Action Plan 2016-2019, which aim to address the issue of cybersecurity in Kosovo* and continue to take the necessary measures to guarantee the protection and cybersecurity state.
They address the issue of cyber security in Kosovo* through five strategic objectives:
- Critical information infrastructure protection
- Institutional development and capacity building
- Building Public-Private-Partnerships
- Incident response
- International Cooperation
In January 2014 the Government adopted the National Strategy for the Prevention of and Fight against the Informal Economy, Money Laundering, Terrorist Financing, and Financial Crimes (2014-2018). In 2019 a new Strategy was drafted for the period 2019 -2023, which is in its final stages of adoption. A multi-stakeholder working group has also been created as a coordination platform for the National Council of Cyber Security of Kosovo*. The draft Strategy is aiming to achieve two strategic objectives:
- To improve the quality of governance in the economy and rule of law in Kosovo*; and
- To increase the financial resources for public services as a result of additional tax revenues and from confiscation of illegal assets.
Cybercrime legislation
State of cybercrime legislation
The Criminal Code does not cover all offences; however, they are all covered in the Law on Prevention and Fight of the Cybercrime (Law on Cybercrime).
Law No.03/L –166 on Prevention and Fight of the Cybercrime was adopted in 2010 and is currently being reviewed.
According to the authorities, in the latest 2018 amendments to the Criminal Code, a new Article 336 – “Identity and access device theft” was introduced, which relates to the unauthorised use of a person’s identification or means of identification to commit a crime contrary to Articles stipulated in the Criminal Code.
Substantive law
Substantive law
Law on Prevention and Fight of the Cybercrime includes the following crimes:
Article 9 - Penal acts against confidentiality, integrity and availability of the computer systems data;
Article 10 - Unauthorized interception;
Article 11 - Unauthorized transfer;
Article 12 - Hindrance of computer systems operation;
Article 13 - Unauthorized production, possession and attempt;
Article 14 - Computer related penal acts;
Article 15 - Causing loss of asset;
Article 16 - Child pornography through computer systems.
In addition, the Criminal Code also includes the following offences:
Article 238 - Abuse of children in pornography;
Article 307 - Issuing uncovered or false cheques and misuse of bank or credit cards;
Article 336 – Identity and access device theft
Article 339 - Intrusion into computer systems.
Regarding violation of copyrights, there are several articles in the Criminal Code:
Article 295 – Violation of patent rights;
Article 296 - Violation of copyrights.
Procedural law
The Criminal Procedure Code is applicable when dealing with cybercrime cases, including investigations as well as search, seizure and confiscation. The latter matter is procedurally supplemented by the Law of Extended Powers on Confiscation of Assets.
Law on Prevention and Fight of the Cybercrime also regulates specific procedural measures:
Article 18 - Sequestration, copying and maintenance of data;
Article 23 - Requirements for accelerated data maintenance;
Article 24 - Data storage;
Article 25 - Access to public, open sources;
Article 26 - Legal provisions for providing information and data, necessary for the foreign authorities.
Safeguards
The Constitution guarantees a series of human rights and fundamental freedoms, among which:
Article 36 - Right to privacy (inviolability of residence, confidentiality of correspondence, telecommunication and other communication, right of protection of personal data);
Article 40 - Freedom of expression.
Moreover, Article 22 of the Constitution states that human rights and fundamental freedoms guaranteed by inter alia Universal Declaration of Human Rights, European Convention for the Protection of Human Rights and Fundamental Freedoms and its Protocols and the International Covenant on Civil and Political Rights and its Protocols are directly applicable in Kosovo* and, in case of conflict, have priority over provisions of national laws and other acts of public institutions. Moreover, according to Article 53 rights and fundamental freedoms guaranteed by the Constitution shall be interpreted consistent with the court decisions of the European Court of Human Rights.
Article 55 of the Constitution provides that any limitations to the fundamental rights and freedoms should only be regulated by law to the extent necessary for the fulfillment of the purpose of the limitation in an open and democratic society. In cases of limitations of human rights or the interpretation of those limitations; all public authorities, and in particular courts, shall pay special attention to the essence of the right limited, the importance of the purpose of the limitation, the nature and extent of the limitation, the relation between the limitation and the purpose to be achieved and the review of the possibility of achieving the purpose with a lesser limitation. Lastly, limitations of fundamental rights and freedoms should not deny the essence of the guaranteed right.
Following this rationale Criminal Procedure Code and the Law on Prevention and Fight of the Cybercrime, which regulates procedural measures provides for corresponding safeguards.
Related laws and regulations
Law on Electronic Communication-04/L-109 (November 2012)
Law on the Information Society Services – 04-L-094 (March 2012)
Law on Information Society Government Bodies- 04/L-145 (May 2013)
Specialised institutions
Specialized police cybercrime unit was created in the Kosovo* Police - Sector for Cybercrime Investigation, Directorate for Organized Crime Investigation.
Prosecution Service has no specialized unit and there is no such structure in the judiciary.
Regulatory Authority of Electronic and Postal Communications 9ARKEP) is the national regulatory authority in the field of electronic communications and postal services. ARKEP hosts the National Computer Emergency Response Team (KOS-CERT). The CERT is intended as a national CERT and various sectoral CERTs are envisaged to be established. An online platform was developed and is available to the public for reporting security incidents.
The National Agency for the Protection of Personal Data which is an independent agency is in charge of supervising the implementation of data protection rules.
Based on the National Strategy on Cyber Security in 2016, the National Council for Cyber Security was established.
International cooperation
Competent authorities and channels
Ministry of Justice (Department for International Legal Cooperation) is the designated central authority for mutual legal assistance in criminal matters.
Requests for international legal cooperation shall be transmitted through the Ministry of Justice, where necessary, diplomatic channels may also be used. In urgent cases, national judicial authorities may provide assistance even if the request is received directly, through INTERPOL, or in any other form which produces a written record, on condition that the requesting state assures that it will send the request in original within thirty (30) days in accordance.
The Minister of Justice may allow direct cooperation between national and foreign judicial authorities, as deemed appropriate.
Legal assistance may also be provided or requested for undertaking provisional measures for the purpose of preserving evidence, maintaining an existing situation or protecting endangered legal interests.
National judicial authorities shall give priority to the execution of requests for mutual legal assistance and take into account any procedural deadlines and any other terms indicated by the requesting state.
Article 219 of the Criminal Procedure Code regulates international requests, if the Office of International Legal Cooperation receives and approves a request for assistance from a foreign government, the Office of International Legal Cooperation shall assign the request to the appropriate state prosecutor, who shall initiate a criminal proceeding with the limited purpose of obtaining the requested information or performing the requested action. If the requested information or action is not permitted by the law or is not possible to obtain or perform, the state prosecutor shall inform the Office of International Cooperation and shall terminate the criminal proceeding.
A 24/7 contact point is not yet established. Police requests can be directed to the Directorate for International Cooperation in the Rule of Law (ILECU) of the Kosovo* Police.
Practical guides, templates and best practices
Legal Framework
Law on International Legal Cooperation in Criminal Matters - 04/L-213 (September 2013) represents the general framework for international cooperation in criminal matters
http://licodu.cois.it/?p=10141&lang=en
International cooperation is also foreseen in the Law on Prevention and Fight of the Cybercrime, namely:
- International Cooperation (Article 20);
- Investigations (Article 21);
- Contact point (Article 22).
Article 219 of the Criminal Procedure Code refers to international requests.
Read also specific procedures and best practices
Jurisprudence/case law
Sources and links
Kosovo* Police: http://www.kosovopolice.com/
Prosecution Service: https://www.scp-ks.org/en; https://prokuroria-rks.org/
KOS-CERT: https://www.kos-cert.org/
Legislation: https://gzk.rks-gov.net/Default.aspx?index=1&index=1
*This designation is without prejudice to positions on status, and is in line with UNSC 1244 and the ICJ Opinion on the Kosovo Declaration of Independence.

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.