Status regarding Budapest ConventionStatus : Party Declarations and reservations : Reservations: full extent subparagraphs 1.d and 1.e of Article 9 of the Convention Declarations: Article 24, subparagraph 7.a, subparagraph 2.c See legal profile
In terms of cybercrime, Section 4.5 of the Cybersecurity Strategy of Ukraine (enacted by Decree 96 of the President of Ukraine of 15 March 2016) addresses the issue of fighting cybercrime. Among the priorities, the following measures are listed: establishing a contact centre for reporting cybercrime and fraud in cyberspace; improving procedural tools for digital forensics; training law enforcement, judges, investigators and prosecutors with regard to handling digital evidence; introducing blocking of information resources (information services) by the court; data retention obligations for operators and providers of telecommunications regulations; enhancing criminal procedure actions with the use of electronic documents and digital signatures; coordination of law enforcement agencies to combat cybercrime; and regulating interception of telecommunications in case of cybercrime investigations.
The Cybersecurity Strategy of Ukraine, beyond cybercrime matters, also addresses the development of safe, sustainable and reliable cyberspace, security of the government information resources, security of critical infrastructure, and development of cybersecurity capacities in the defence sector as strategic priorities. A number of stakeholders, including security, defence, communications and police agencies of Ukraine are tasked with implementing the Strategy.
The strategy is supplemented by yearly Action Plans that are issued by the Cabinet of Ministers of Ukraine since 2016.
Decree of the President of Ukraine concerning “The Strategy of providing the cyber security in Ukraine”, proposed on the 27 of January 2016, adopted by the Government on the 15 of March 2016.
State of cybercrime legislation
Ukraine adopted a specific Cybercrime Law that is incorporated in the Criminal Code of Ukraine (mainly Section XVI Art. 361-363) and Criminal Procedure Code. The mentioned incorporation was done after the Ratification of the Budapest Convention in 2006.
In terms of substantive law provisions corresponding to Budapest Convention provisions are:
Articles 2-6 of the BCC (c-i-a offences) are implemented, however definitions of acts are split between several Articles and some elements are missing;
There are only general definitions of forgery and fraud – no computer data elements (Art. 7-8 BCC);
There is a general implementation of child pornography offences but several definitions are lacking (Art. 9 BCC);
General provisions are used for IPR offences (Art. 10 BCC);
There are concepts of attempt, aiding and abetting implemented (Art. 11 BCC);
No corporate liability provisions are foreseen (Art. 12 BCC)
Substantive measures are implemented through the following provisions in Ukranian legislation:
- Illegal access- partly Art. 359 and partly Art. 361 of the Criminal Code of Ukraine
- Illegal interception- partly Art. 31 of the Constitution of Ukraine and Art. 163, Art. 359, Art. 362(2) of the Criminal Code of Ukraine
- Data interference- Art. 362(1) of the Criminal Code of Ukraine
- System interference- partly Art. 361(1) and partly Art. 363-1 of the Criminal Code of Ukraine
- Misuse of device- partly Art. 361-1 of the Criminal Code of Ukraine
- Computer-related forgery- Art. 362(1) of the Criminal Code of Ukraine
- Computer-related fraud- Art.190, esp. par.3 of the Criminal Code of Ukraine
- Offences related to child pornography- Art. 52 of the Constitution of Ukraine and partly Art. 301 the Criminal Code of Ukraine
- Attempt and aiding or abetting- Art. 13 (2) and Art. 15, Art.26-27 and Art. 29, also Art. 68 (2) of the Criminal Code of Ukraine
- Corporate liability- partly Art.96 of the Criminal Code of Ukraine
The Code of Criminal Procedure of Ukraine does not contain a definition of electronic evidence. According to Article 84(1) of the CPC, evidence is defined broadly, and covers any factual knowledge, obtained in accordance with the Code, by which presence or absence of facts and circumstances which are important for the criminal proceedings can be proved. Sources of such knowledge (evidence) can be testimonies, objects, documents and expert findings. According to Article 99(1) of the same Code, ‘document’ is “material object, which was created specifically for conservation of information, such object containing fixed by means of written signs, sound, image etc. the knowledge that can be used as evidence of the fact or circumstance which is established during criminal proceedings”. It is further stipulated in paragraph 2 that documents might be “materials of photography, sound recording, video recording and other data media (including electronic)”.
While several articles of the Code of Criminal Procedure of Ukraine refer to the collection of subscriber information and identification of the subscriber (Articles 162, 248, 263, 268), the notion of subscriber information is not defined in the procedural legislation. The only definition related to this notion can be found in the Law on Telecommunications, where the term ‘subscriber’ is explained.
A definition of traffic data is not found in the legislation of Ukraine, while content data is addressed in corresponding investigative power under the Criminal Procedure Code.
In terms of expedited preservation of stored computer data, Ukraine did not implement Article 16 Budapest Convention by introducing specific preservation order in its procedural legislation. Chapter 15 of the Criminal Procedure Code foresees some possibility of preserving computer data by using the concept of “provisional access to objects and documents”. According to Article 159(1) of the Code of Criminal Procedure, purpose of ‘provisional access to objects and documents’ is for a party in proceedings to (1) get opportunity to examine objects and documents, (2) make copies thereof and, (3) seize them.
The expedited preservation and partial disclosure of traffic data under Article 17 Budapest Convention is not implemented, as there are no specific provisions that define traffic data, authorize its expedient preservation and disclose the path of communications by the service providers, neither in the procedural nor in telecommunications legislation of Ukraine.
Ukraine did not implement Article 18 Budapest Convention by introducing specific production order provisions. Chapter 15 of the Code of Criminal Procedure, entitled “Provisional access to objects and documents”, can be deemed as a relevant alternative. However, the options provided by the said Chapter of the CPC provide only very limited possibilities to order production of data.
Search and seizure of stored computer data under Article 19 Budapest Convention can partially be achieved on the basis of Chapter 16 of the Code of Criminal Procedure (‘provisional seizure of property’), Articles 234 – 236 of the CPC (search) and 167 (‘provisional seizure of property’).
Special provisions in the context of search and seizure provided by Article 19 (search of a connected system; making and retaining a copy of those computer data; maintaining the integrity of the relevant stored computer data; rendering inaccessible or removing those computer data in the accessed computer system) are not implemented. At the same time, provisions related to seizing or similarly securing computer data (p. 3(a)) and assistance of specialists in technical matters (p. 4) are covered by general regulations on seizure and involvement of specialists and experts in the criminal proceedings.
Ukraine implements Articles 20 and 21 Budapest Convention related to real-time collection of traffic data and interception of content data by similar set of provisions.
Article 40(4) of the Law on Telecommunications obliges telecommunication operators to, at their own expense, “install and ensure functioning of the technical means necessary for the performance by search and investigation bodies and Ukrainian telecommunication networks security monitoring agencies, as well as to promote, within the scope of their competences, search and investigation activities, monitoring performance and prevention from the disclosure of the employed organizational and tactical techniques”. It is also stipulated that operators must ensure protection of said technical means from unauthorized access.
In terms of procedural implementation, Articles 258 – 266 of the Code of Criminal Procedure provide legal basis for several covert investigative (detective) actions which interfere with the private communications of the individual. In the context of Articles 20 and 21 Budapest Convention, primarily relevant action is ‘collecting information from transport telecommunication networks’ (CPC Article 263).
In terms of horizontally applicable conditions and safeguards (Article 15 Budapest Convention), although most of the elements limiting and controlling the application of more intrusive measures, such as search and seizure, real-time collection of traffic data and content interception, are present - such as existence of criminal investigation, judicial order, duration and other conditions.
The safeguards are guaranteed by the Constitution of Ukraine, esp. Art.30-31.
The used safeguards are also covered by Art. 159-166, Art. 246-257 and Art.263-266 of the CPC of Ukraine.
Related laws and regulations
- Law of Ukraine "On State Service of Special Communication and Information Protection of Ukraine"
- Law of Ukraine "On protection of information in telecommunication systems"
- Law of Ukraine "On the National System of Confidential Communication"
- Law of Ukraine "On Information"
- Law of Ukraine "On Telecommunications"
- Law of Ukraine "On the Information Society Development in Ukraine in 2007-2015"
- Law of Ukraine "On the disciplinary regulations of the State Service for Special Communications and Information Protection of Ukraine"
- Law of Ukraine "On State Secrets"
- Law of Ukraine "On electronic documents and electronic document"
- Law of Ukraine "On electronic digital signature" from 22.05.2003 № 852-IV
- Law of Ukraine "On electronic documents and electronic document" from 22.05.2003 № 851-IV
- Law of Ukraine "On the information" from 02.10.1992 № 2657-XII
- Law of Ukraine "On Personal Data Protection" from 01.06.2010 № 2297-VI
- Law of Ukraine "On Access to Public Information" from 13.01.2011 № 2939-VI
- Law of Ukraine "On protection of information in telecommunication systems" from 05.07.1994 № 80/94-BP
Following the reform implemented in 2015, there is now a Cyber Police Department of the National Police of Ukraine, as part of the Ministry of Internal Affairs of Ukraine. There are 25 law enforcement officers and 2 senior specialists in the within the Cyber Police Department of the Ministry of Interior of Ukraine. In every region of Ukraine there are local cybercrime units; total number of staff being up to 100 members.
Staff of the Cybercrime Department of the Ministry of Interior are competent to detect and clear all crimes committed by means of information technologies and telecommunications, including computer-related fraud, crimes on the Internet, child abuse, and infringement of copyright. According to the regulations of the Ministry, the Department focuses on the following:
- Crimes against information security;
- Crimes in the areas of IT, telecom and copyright;
- Crimes in the areas of payment systems and commercial activities;
- Computer intelligence activities.
Investigators of the Cyber Police Department lead criminal proceedings on such cases.
In order to collect and analyze electronic evidence, the Cyber Police Department engages experts of the Forensic Science Centre of the Ministry of Interior. The experts take part in collecting, seizure, storage, analysis, examination and expert evaluation of digital evidence. Other agencies and units can invite experts of the Centre where it is necessary to collect and analyse digital evidence within investigative proceedings conducted by such other agencies / units.
The Department of Counterintelligence Protection of State's interests in the sphere of Information Security of the State Security Service of Ukraine is another specialized law enforcement unit in Ukraine. The Security Service investigates crimes established by Article 359 of the Criminal Code of Ukraine (Illegal use of technical means for covert capture of information). Competencies of the Security Service of Ukraine also include investigation of crimes committed by means of computers and telecom channels established by articles 361, 361-1, 361-2, 362, 363, 363-1 of the Criminal Code of Ukraine (which correspond to offences under Articles 2-6 of the Budapest Convention).
Functions are distributed between the units of the Ministry of Interior and the Security Service of Ukraine on the basis of investigative competence regarding a relevant crime as established by Article 112 of the Criminal Procedural Code of Ukraine
For the Ministry of Interior, the key focus is to protect rights of people, companies, institutions, organizations, interests of the State and society against unlawful acts. For the State Security Service, the focus is to protect the State, its constitutional order, State security, as well as to conduct counter intelligence activities. In practical terms, however, there is an overlap of functions and investigative competencies between the two agencies.
- Department of cybercrime : https://www.cybercrime.gov.ua
- National Police of Ukraine https://www.npu.gov.ua
Competent authorities and channels
International cooperation in its extradition part is partly based on the Art. 10 of the Criminal Code of Ukraine and the signed bilateral agreements.
Possible cooperation with the European Union countries can be based on the Association Agreement between Ukraine, on the one hand, and the European Union, the European Atomic Energy Community and their Member States, on the other hand, the agreement was ratified by a statement by the Law number 1678-VII on the 16.09.2014.
Legal Framework is based on:
Bilaetral agreements, especially with countries such as: Armenia, Azerbaijan, Belarus, France, Finland, Georgia, Great Britain, Israel, Kazakhstan, Kirgizstan, Latvia, Lithuania, Moldova, Norway, Poland, Syria, Tajikistan, Turkmenistan, United States of America, Uzbekistan, Vietnam, others.
Association Agreement between Ukraine, on the one hand, and the European Union, the European Atomic Energy Community and their Member States, on the other hand, the agreement was ratified by a statement by the Law number 1678-VII on the 16.09.2014.
24/7 points of contact and police cooperation
The Cyber-Police Department of the National Police of Ukraine, as part of the Ministry of Internal Affairs, performs the functions of the 24/7 point of contact. Because of the absence of a mechanism for exchanging messages to/from international law-enforcement agencies between the National Police and Security Service of Ukraine, the possibility of establishing a second 24/7 contact point at the Security Service of Ukraine is being currently discussed.
The 24/7 contact point is executing only police-to-police type of requests related to cybercrime and electronic evidence. It can provide assistance in the investigation of criminal offences connected with computer systems and exchange of operative information (that is not the evidence in criminal proceedings). The central authorities of Ukraine may take into consideration a request that came from the requesting party electronically, by facsimile or other means of communication.
The 24/7 National contact point according to the national legislation has no competence in executing MLATs. MLA requests can only be executed through the Prosecutor General’s Office.
As to the execution of preservation requests, only regular procedures are used, as under Ukrainian legislation there is no separate provision for data preservation. Accordingly, no urgency procedures have been reported to exist.
Mutual legal assistance authorities
During the stage of pre-trial investigation, the Prosecutor General’s Office (Department for International Legal Cooperation and European Integration) is the central authority. At the trial stage, the Ministry of Justice (Division on Mutual Legal Assistance in Criminal Matters, International Legal Cooperation Department, Directorate for International Law) is handling MLA requests.
Requests may be sent to a foreign State or received from a foreign State, also through INTERPOL. The NCP INTERPOL cannot implement an MLA request but has to send it to the competent authority (Prosecutor General’s Office or the Ministry of Justice of Ukraine) for action. Diplomatic channels are also used in case of absence of an international treaty.
In the absence of treaties and on the basis of reciprocity, Ministry of Foreign Affairs, Directorate General for Consular Service is the channel through which the request is forwarded and received. If received by the above, the request should be transferred to the central authority according to the stage of proceedings. The request has to include assurances of reciprocity. Only the official written request can be accepted by the Ministry of Foreign Affairs.
For outgoing requests, a court, prosecutor or investigator - in consultation with the prosecutor - can send requests for international legal assistance in criminal proceedings to competent central authorities. Central authorities ensure the transmission of requests to foreign counterparts and manage all communications in this respect
Complying with Article 35 of the Budapest Convention, a 24/7 point of contact was established. The same functionality is also used for the G8 network purposes and also for the Interpol Network.
Ministry of Justice of Ukraine (concerning courts' commission) and the General Prosecutor's Office of Ukraine (concerning commissions of bodies of prejudicial inquiry).
Division for Combating Cybercrime, Ministry of Internal Affairs.
Practical guides, templates and best practices
- Judgement of the Regional Court of the City of Dneprodzerjinsk, Donetsk region, on the 16.02.2012 at: http://reyestr.court.gov.ua/Review/28269975
Category: Unauthorized information that is processed in computers
Under articles (extracts): 323-324 CPC of Ukraine
Decision: Person_3 found guilty of committing an offense under Part. 1 and Part. 3 of the Art. 362 of the Criminal Code of Ukraine.
Person_3 is sentenced:
Under the Part. 1, Art. 362 of the Criminal Code, in the form of corrective labor for a term of one year, with a deduction of 10% of earnings to the state, with the confiscation of software and hardware, by which was totally unauthorized alteration of information that are his property;
Under the Part. 3 Art. 362 of the Criminal Code, to imprisonment for a term of three years, with deprivation of the right to engage in banking activities, for a period of three years, with confiscation of software and hardware, by which it was committed unauthorized actions with the information that are his property.
- Judgement of the Regional Court of the City of Chernihiv, on the 28.07.2014 at: http://reyestr.court.gov.ua/Review/39909521
Category: Creating for use, distribution or sale of harmful software or technical means, as well as their distribution or sales.
Under articles (extracts): Art. 361-1 and Art. 361-1(2) of the Criminal Code of Ukraine
Decision: Person_2 found guilty of committing an offense
Person_2 found guilty of committing an offense and is sentenced:
- Under Art. 361-1 Part. 1 of the Criminal Code of Ukraine to one year imprisonment with confiscation of software intended for illegal interference with operation of computers (PCs), which is owned by the perpetrator;
- Under Art. 361-1 Part. 2 Criminal Code of Ukraine to two years imprisonment with confiscation of software intended for illegal interference with operation of computers (PCs), which is owned by the perpetrator.
All cases can be found at: http://reyestr.court.gov.ua
Sources and links
- NATIONAL COMMISSION FOR THE STATE REGULATION OF COMMUNICATIONS AND INFORMATIZATION : http://nkrzi.gov.ua
- Legislations of Ukraine: http://zakon4.rada.gov.ua/laws/
- Government portal: http://www.kmu.gov.ua
- Presidential Authority : http://www.president.gov.ua
- Main legal acts: http://pravo.ligazakon.ua
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.