Luxembourg - Octopus Cybercrime Community

Back Luxembourg

Status regarding Budapest Convention

Status : Party Declarations and reservations : – See legal profile

Cybercrime policies/strategies

Luxembourgish National Cyber Security Strategy III was approved and made enforceable by the Government Council on 26 January 2018. The strategy is based on four strategic guidelines:

Guideline No. 1: Strengthening public confidence in the digital environment – referring also to combating cybercrime and the need to strengthen cooperation;
Guideline No. 2: Digital Infrastructure protection;
Guideline No. 3: Promotion of the economy
Guideline No. 4: Implementation of the strategy

Politique de Sécurité de l’Information de l'État luxembourgeois establishes the National Agency for the Security of Information Systems (ANSSI), with the mandate of: Preserving confidential data of the State; Ensuring accountability for any processing of personal data; Defining a policy for handling classified information; Issuing recommendations for implementation of information security policies to relevant actors.

Cybercrime legislation

State of cybercrime legislation

Since introducing Act of 18 July 2014 concerning the approval of the Convention on Cybercrime of the Council of Europe, substantive and procedural criminal law framework of Luxembourg is fully in line with the Convention requirements.

Substantive law

Act of 18 July 2014 concerning the approval of the Convention on Cybercrime of the Council of Europe: Approves the Budapest Convention and additional protocol; Amends the Penal Code; Amends the Code of Criminal Instruction; Amends the 2005 Act on the protection of privacy in the electronic communications sector.

Penal Code Section VII is dedicated specifically to cybercrime (art. 509-1 to 509-7) “Section VII. -De certaines infractions en matière informatique (L. 15 juillet 1993) (Art. 509-1 à 509-7) “. IT introduces offences related to: illegal access; illegal interception; data interference; system interference; misuse of devices; Computer related forgery and computer related fraud, as well as

Attempting and aiding or abetting.

Specific legislation on child online protection has been enacted through the following Articles 327, 283 – 385, 385 – 1 and 385b of the Criminal Code.

Procedural law

Act of 18 July 2014 concerning the approval of the Convention on Cybercrime of the Council of Europe amends the Criminal Procedure Code of Luxembourg, introducing definitions of electronic evidence, further clarifying pursuit of investigation, including obligation to notify the investigated person within 12 months from the beginning of the proceedings. Art. 33 of the Criminal Procedure Code is modified to implement search and seizure powers and addresses handling of data and chain of custody. Chapter X is supplemented with provisions on Expedited data preservation (Art. 16 BC) and Expedited preservation and partial disclosure of traffic data (Art. 17 BC). Chapter X also contains obligations for service providers and the obligation to obligation to notify the investigated person within 12 months from the beginning of the proceedings.

Act of 18 July 2014 concerning the approval of the Convention on Cybercrime of the Council of Europe amends also the Law on Data Protection in Electronic Communications introducing data retention obligations, specifically related to traffic data and localisation data, any other besides subscriber and traffic data.

Safeguards

Horizontally applicable safeguards and guarantees apply.

Criminal Procedure Code specifies that procedural powers corresponding to Art. 16 – Art. 21 of the BC are under prosecutorial and judicial oversight, with a necessary amendment from a state prosecutor or “juge d’instruction”.

Law on Data Protection in Electronic Communications contains obligations for service providers to ensure appropriate safeguards for preserved personal data.

Related laws and regulations

Law on Data Protection on Electronic Communications (English)
Law on Electronic Commerce (English)
Law on Electronic Signature and Cryptography (French).
Law on the Protection of Individuals with regard to the Processing of Personal Data. (English)

(Source: https://cybersecurite.public.lu/fr/securite-information/cadre-legal/national.html)

Specialised institutions

New Technologies section, Central Directorate of the Judicial Police (DCPJ)

CIRCL – Computer Incident Response Center Luxembourg

ANSSI - the National Agency for the Security of Information Systems

Currently, there are 4 public CERTs and 6 private CERTs (1 is a joint industry service) covering different sectors of the economy and society in Luxembourg. The main one is Governmental CERT.

(Source: https://www.cyberwiser.eu/luxembourg-lu)

International cooperation

Competent authorities and channels

Authority for extradition and provisional arrest in the absence of other treaties (Article 24)

The central authority for extradition:

Parquet du Tribunal d’arrondissement de Luxembourg

Cité judiciaire

Bâtiment PL

L-2080 – Luxembourg

Tél.: 475981-442/208

E-mail : [email protected]

and

Ministère de la Justice

Affaires pénales et judiciaires

13, rue Erasme

L-2934 Luxembourg

Tél: (+352) 247-84537

Fax: (+352) 26 68 48 61

E-mail: [email protected]

Authority for Mutual Legal Assistance in the absence of other agreements or arrangements (Article 27)

Parquet général

Cité judiciaire

Bâtiment BC ou CR

L-2080 – Luxembourg

Tél.: 475981-1

E-mail : [email protected]

24/7 Contact point (Article 35)

Contact & Telephone Number: Police Grand-Ducale, CIN – Centre d’Intervention National

Description of Contact: The CIN is the national communications center of the Police Grand-Ducale for urgent calls. It is open 24 hours a day. Its personnel are able to reach all the police officers on duty.

Language Capabilities of Contact: Luxembourgish, German, French, English

What to Say When Calling Contact Number: Ask for the ‘Service de Police Judiciaire - Permanence Nouvelles Technologies’ or ‘- Permanence Direction’ if not available.

Practical guides, templates and best practices

For all requests from a foreign authority the following legal text and procedures are applicable: Loi du 8 août 2000 sur l'entraide judiciaire internationale en matière pénale.

Jurisprudence/case law

Sources and links

Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.

Contribute

Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?

Share this information with us helping to keep this platform up to date.

Useful links

Cybercrime website
Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.