The wiki profiles provide an overview of a country's policy on cybercrime and electronic evidence. Every fiche includes a description of cybercrime policies/strategies, the state of cybercrime legislation, the channels of cooperation, international cooperation and case law.

For more information on a country's legislation, click on the legal profile in each country wiki.

Back Bosnia and Herzegovina

Status regarding Budapest Convention

Status regarding Budapest Convention

Status : Party Declarations and reservations : N/A See legal profile

Cybercrime policies/strategies

The Council of Ministers of Bosnia and Herzegovina has adopted the Strategy for establishment of CERT in Bosnia and Herzegovina proposed by the Ministry of Security of Bosnia and Herzegovina in 2011, the Council of Ministers adopted Decision on Establishment of Computer Emergency Response in March 2017.

Bosnia and Herzegovina has not yet adopted the Strategy on cybersecurity/cybercrime. However, the issues of cybercrime and cyberterrorism have been addressed in the Strategy for fighting organized crime in Bosnia and Herzegovina (2017-2020) and Strategy for prevention and fight against terrorism (2015-2020) which have been proposed by the Ministry of Security of Bosnia and Herzegovina and adopted by the Council of Ministers of Bosnia and Herzegovina.

The Government of the Republic of Srpska appointed the Working group for drafting the Republic of Srpska Cyber Security Strategy by adopting the Decision No. 04/1-012-2-2322/16. Also, the Goverment of the Republika Srpska appointed the Working group for drafting the Republika Srpska Strategy for fight against cybercrime by adopting the Decision No. 04/1-012-2-2322/16. The drafting process is still on-going. Also, this entity has adopted the Law on security of critical infrastructure (Official Gazette of Republika Srpska, 58/19).

Cybercrime legislation

State of cybercrime legislation

Bosnia and Herzegovina due to its divided competences has four Criminal Codes and Laws on Criminal Procedure (state, entities’, and district’s).

The Criminal Code of Bosnia and Herzegovina (Official Gazette of Bosnia and Herzegovina, 3/03, 32/03, 37/03, 54/04, 61/04, 30/05, 53/06, 55/06, 32/07, 8/10, 47/14, 22/15, 40/15) and Criminal Procedure Code (Official Gazette of Bosnia and Herzegovina, 3/03, 32/03, 36/03, 26/04, 63/04, 13/05, 48/05, 46/06, 76/06, 29/07, 32/07, 53/07, 76/07, 15/08, 58/08, 12/09, 16/09, 93/09, 72/13) addresses crime acts which endanger the values protected by the state, while the criminal and criminal procedure codes of entities prescribe offences related to cybercrime, i.e., Criminal Code, Official Gazette of Federation of Bosnia and Herzegovina, 36/03, 37/03, 21/04, 69/04, 18/05, 42/10, 42/11, 59/14, 76/14 and Criminal Procedure Code, Official Gazette of Federation of Bosnia and Herzegovina, 35/03, 37/03, 56/03, 78/04, 28/05, 55/06, 27/07, 53/07, 09/09, 12/10, 08/13, 59/14 and respectively Criminal Code, in Official Gazette of the Republika Srpska, 49/03, 108/04, 37/06, 70/06, 73/10, 1/12, 67/13, 64/17, 2014/18 and Criminal Procedure Code, Official Gazette of the Republika Srpska, 53/12, 91/17, 66/18. In Brčko District - Criminal Code, in Official Gazette of Brčko District, 10/03, 45/04, 06/05, 21/10, 52/11 and Criminal Procedure Code, Official Gazette of Brčko District, 10/03, 48/04, 06/05, 12/07, 14/07, 21/07, 27/14, prescribe all other criminal acts including the ones related to cybercrime.

Abovementioned codes are partially harmonized with the provisions of the Budapest Convention on Cybercrime.

Substantive law

Convention provisions

CC BIH

CC RS

CC FBIH

CC BD

Article 2 – Illegal access

 

Article 411, 413

Article 397

Article 387 and 391

Article 3 – Illegal interception

 

 

Article 393 (2)

Article 387 (2)

Article 4 – Data interference

 

Article 407, 408

Article 393, 398

Article 387 (1)

Article 5 – System interference

 

Article 412

Article 396, 398

Article 387, 392

Article 6 – Misuse of devices

 

Article 409

Article 394 (3), (4)

Article 387 (4), (5)

Article 7 – Computer-related forgery

 

Article 407

Article 394

Article 388

Article 8 – Computer-related fraud

 

Article 410

Article 395

Article 389

Article 9 – Offences related to child pornography

 

Articles 175-178

Article 211, 189 (3)

Article 186, 208, 209

Article 10 – Offences related to infringements of copyright and related rights

Articles 242, 243, 244, 245 and 246

 

 

 

Article 11 – Attempt of aiding or abetting

 

Articles 22-24 Articles 37-39

Articles 28-34

Article 28, 31-33

Article 12 – Corporate liability

 

Articles 103- 122

Articles 126 – 148

Articles 126-148

Article 13 – Sanctions and measures

 

 

 

 

 

Legend: BD (Brčko Distrikt), CC (Criminal Code), FBIH (Federation of Bosnia and Herzegovina), RS (the Republic of Srpska).

Procedural law

The following table presents the implementation of procedural law provisions in the legislation of Bosnia and Herzegovina as provided by the Budapest Convention.

 

Convention provisions CPC BIH CPC FBIH CPC RS CPC BD
Article16 – Expedited preservation of stored computer data   - - -
Article17 – Expedited preservation and partial disclosure of traffic data   - - -
Article18 – Production order   Article 86a Article 137 Article72a
Article19 – Search and seizure of stored computer data   Article 65, 79 Article 115, 129 Article 51, 65
Article20 – Real-time collection of traffic data   Article 130 (2) Article 234 (2) Article 116 (2)
Article21 – Interception of content data   Article 130 (2) Article 234 (2) Article 116

 

Legal interception in Bosnia and Herzegovina has been regulated by the Decision of Council of Ministers of Bosnia and Herzegovina on special obligations of legal and physical entities providing telecommunication services, administrating telecommunication networks and offering telecommunication services in relation to securing and maintaining capacities that shall enable the authorized agencies to carry out legal interception of telecommunications as well as capacities for safeguarding and ensuring telecommunications (Official Gazette of Bosnia and Herzegovina, 104/06).

Safeguards

National legislation protects fundamental human rights and freedoms. Criminal Codes and Criminal Procedure Codes prescribe safeguards for the use of procedural powers enlisted above. Intrusive measures are placed under judicial control.

Related laws and regulations

Legislation that is related to cybercrime in Bosnia and Herzegovina besides the abovementioned:

  • Law on communications (Official Gazette of Bosnia and Herzegovina, 31/03, 75/06),
  • Law on electronic signature (Official Gazette of Bosnia and Herzegovina, 91/06),
  • Law on electronic legal and business transactions (Official Gazette of Bosnia and Herzegovina, 126/07),
  • Law on prevention of money laundering and financing of terrorism (Official Gazette of Bosnia and Herzegovina, 47/14),
  • Decision of Council of Ministers of Bosnia and Herzegovina on special obligations of legal and physical entities providing telecommunication services, administrating telecommunication networks and offering telecommunication services inrelation to securing and maintaining capacities that shall enable the authorized agencies to carry out legal interception of telecommunications as well as capacities for safeguarding and ensuring telecommunications (Official Gazette of B&H, 104/06),
  • Law on Electronic Signature (Official Gazette of the Republika Srpska, 59/08),
  • Law on Electronic Document (Official Gazette of the Republika Srpska, 110/08),
  • Law on Electronic Management (Official Gazette of the Republika Srpska, 59/09),
  • Law on Information Security (Official Gazette of the Republika Srpska, 70/11)
  • Law on Security of Critical Infrastructure (Official Gazette of the Republika Srpska, 58/19).

Specialised institutions

Specialised police cybercrime units were created in the Federal Police Administration and the Ministry of Interior of the Republic of Srpska. These units deal with the investigation of high-tech crime and perform digital forensics. In Brčko District cybercrime is investigated by specialised investigators in the Criminal Police.

In addition, digital forensics is carried out by the Ministry of the Interior of in the Republic of Srpska, the State Investigation and Protection Agency, Border Police of Bosnia and Herzegovina, Agency for forensics and expert examinations, Brčko District Police and cantons’ ministries of interior.

The Council of Ministers of Bosnia and Herzegovina entrusted the Ministry of Security of Bosnia and Herzegovina at its 64th session held on 14 July 2016 to form the Computer Emergency ReportTeam for the institutions of Bosnia and Herzegovina. BiHCERT’s mandate will include services related to provision of information on potential vulnerabilities and management of incidents in the domain of electronic security to all state level institutions and their supporting service providers, it primarily acts as an expert body. This body has been established in March 2017 and operates in the Ministry of Security of Bosnia and Herzegovina.

CERT RS is the national computer security incident response team of the Republic of Srpska. It is part of the Ministry for Scientific and Technological Development, Higher Education, and Information Society of the Republic of Srpska. Its primary mission is the coordination of computer security incident prevention, incident response and general protection of the cyber space of the Republic of Srpska. It is operational since 2015.

International cooperation

Practical guides, templates and best practices

Jurisprudence/case law

Sources and links

Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 

* This designation is without prejudice to positions on status, and is in line with UNSC 1244 and the ICJ Opinion on the Kosovo Declaration of Independence.