The wiki profiles provide an overview of a country's policy on cybercrime and electronic evidence. Every fiche includes a description of cybercrime policies/strategies, the state of cybercrime legislation, the channels of cooperation, international cooperation and case law.

For more information on a country's legislation, click on the legal profile in each country wiki.

Back Belgium

    Status regarding Budapest Convention

Status regarding Budapest Convention

Status : Party Declarations and reservations : declarations regarding articles 2, 7 (interpretations of these articles), 24, 27 and 35 (designation of responsible authorities). Reservations regarding articles 22.1.c. and 22.1.d. See legal profile

Cybercrime policies/strategies

Belgium introduced for the first time in 2000 a specific law on cybercrime. In 2012, the government established a cyber-strategy to meet the growing threat of cybercrime in the country. This strategy aimed to target a secure and reliable cyberspace that respects the values ​​and rights of a modern society; to ensure optimal protection against cyber- threat of public systems and critical infrastructures; develop national cybersecurity capabilities for independent security policy and a suitable response to security incidents. This strategy, which promotes a centralized and integrated approach with the cooperation of all stakeholders, lays the foundation for a legal framework. Following this strategy, a Centre for Cybersecurity Belgium (or CCB) was established (the Royal decree of 10 October 2014 formalizing its creation was published in the Belgian Official Gazette of 21 November 2014). This Centre oversees online security in the country and educate users. It is in charge of the service management of the Computer Emergency Response Team (CERT) responsible for detecting, observing and analysing online security issues (previously under the responsibility of the Ministry in charge of Information and Communication technology). In January 2015, another organization, the cybersecurity coalition was created, with over 80 actors from the academic world, public and private sector for the fight against cybercrime. Its mission is to bolster Belgium’s cyber security resilience by building a strong cyber security ecosystem at national level, by bringing together the skills and expertise of the academic world, the private sector and public authorities on a trust-based platform aimed at fostering information exchange and implementing joint actions. The coalition focuses on four strategic domains: experience sharing, operational collaboration within a trusted community, policies recommendations and awareness raising campaigns.

Specialised institutions

  • Centre for Cybersecurity Belgium (CCB)
  • Cybersecurity Coalition
  • Federal Computer Crime Unit (FCCU): police specialized in the analysis of computer and telecommunication systems.
  • The Federal Cyber Emergency Team is the first Belgian contact point when it comes to dealing with threats and vulnerabilities of cybersecurity affecting Belgian interests. Professionals in information technology and communication (ICT) can go to for free and confidentially for cyber-incident reports (pirated data and network infrastructures, phishing, cyber-attacks, etc.) . also gives advice to citizens and businesses on how to use the internet safely.
  • Safeonweb: Safeonweb wants to quickly and accurately inform Belgian citizens and advise on cyber security high-end digital threats and online security.
  • Office for Criminal policy within the Ministry of Justice.
  • BOSA/Digital Transformation: as a federal public service, BOSA defines and implements the federal e-government strategy. It uses innovative information and communication technology (ICT) to help the various federal public services to improve their service portfolios and tailor them to meet the needs of the general public, businesses and civil servants.
  • The Belgian Institute for Postal Services and Telecommunications (BIPT) oversees both the postal sector and the telecommunications sector, now called electronic communications. The BIPT perform tasks of economic regulation, technical organization and compliance with regulatory frameworks. The BIPT is involved in the safety of public networks and publicly accessible electronic communications services.
  • The State Security department. The State Security department is the civilian and security intelligence service of Belgium. Its functions include the protection of fundamental rights and state interests. The State Security department assists belgian businesses in their protection against cyber-attacks.
  • Febelfin: Febelfin, the Belgian financial sector federation, assist its 268 members in the fight against cybercrime through information sharing and cooperation with all stakeholders involved. Febelfin has a dedicated website,, and launched several campaigns regarding the security of internet banking with “shocking” videos
  • The Data Protection Authority: the Data Protection Authority (DPA) is an independent body ensuring the protection of privacy when personal data are processed. The DPA is the successor of the Commission for the protection of privacy as of 25/05/2018 and was established by the Belgian Federal House of Representatives with the Act of 3 December 2017 establishing the Data Protection Authority.

Jurisprudence/case law

  • Order of the Court of First Instance of Bruges (21 April 2004). The use of spoofing techniques to misuse a specified email address that we can no longer dispose after a contract is deemed illegitimate and constitutes a breach of contract.
  • Judgment of the Criminal Court of Hasselt – 15th Chamber (21 January 2004). In assessing the qualification of hacking into a computer system for which it has no access authorization, no good intentions of the attacker nor the system protection should be considered.
  • Judgment of the Court of First Instance of Furnes (13 August 2004). The abusive registration of domain names should not be seen as freedom of expression.
  • Judgment of the Criminal Court of Eupen – 4th Chamber (15 December 2003). The use of software to access or remain in a computer system knowing that it is not allowed can be considered as a hacking attempt.
  • Decision of the Court of Appeal of Antwerp (7th October 2003). The accused in this case operated since February 2000 the website. The applicants could obtain, in exchange of payment, a password that enabled them to add hyperlinks on this website. All hyperlinks linked to pages with child pornography content. In its decision, the Court merely states that the comparison with an Internet access provider was not valid, precisely because the accused intended to a specific unlawful topic, i.e. child pornography images.
  • Judgment of the Criminal Court of Liege – 12th Chamber (18 November 2002). False data used on the Internet, either to create an Internet account or to write messages on a discussion forum, are considered as written documents as soon as they can be transposed on written materials.
  • Decision of the Criminal Court of Ghent – 19th Chamber (11 December 2000). The user name, the password and the pin codes are telecommunications data in the meaning of art. 109ter D, 3° of the law of 21 March 1991 relating the reform of certain economic public companies. To benefit from this law, it is only required that, in terms of accessibility of data, these data are not intended for the general public. It is not important to know whether these data are easily accessible from a technical point of view. Neither the intentional knowledge of telecommunications data related to another person, nor the disclosure of these data require a special intention.
  • Yahoo case: Court of Cassation 1 December 2015: the Court confirmed the conviction of Yahoo for having refused to collaborate with Belgian judicial authorities concerning a request for subscriber data. Yahoo was considered to offer its services on Belgian territory and is therefore obliged to collaborate in judicial requests.
  • Skype case: Court of Cassation 19 February 2019: the Court confirmed the conviction of Skype for having refused to collaborate with Belgian judicial authorities concerning a request for communication interception. Again, Skype was considered to offer its services on Belgian territory and is therefore obliged to collaborate in judicial requests. In this case, Skype argued that it was technically impossible to grant the police access to the communication. This argument was not accepted. When offering communication services in the Belgian territory, service providers need to be capable of collaborating with the judicial authorities.
Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 

* This designation is without prejudice to positions on status, and is in line with UNSC 1244 and the ICJ Opinion on the Kosovo Declaration of Independence.