On 24 June 2026, the European Commission published a new package of criminal justice proposals aimed at strengthening and modernising the EU’s capacity to prevent, detect, investigate and prosecute serious cross-border crime. It comprises four proposals: a proposal for revision of the European Investigation Order (EIO) Directive, a proposal for a new Eurojust Regulation, a proposal for a new Europol Regulation, and a proposal for a regulation introducing targeted amendments to the EU Data Protection Regulation applicable to Union institutions, bodies, offices and agencies (EUDPR). The package is underpinned by the logic that the entire enforcement chain –from law enforcement intelligence to judicial coordination and prosecution–should function as a seamless continuum. It is, moreover, one element of a wider legislative programme through which the Union has been systematically expanding its criminal enforcement capacity. Milestones in that programme include the adoption of the AML legislative package (read more here), including the establishment of the AMLA, the criminalisation of violations of EU restrictive measures (see our blog post), the harmonisation of the framework for corruption offences (read more here), and the strengthening of the environmental criminal offences framework (see our blog post).
Strengthening the European Investigation Order
The EIO, established by Directive 2014/41, has been the primary instrument for cross-border gathering of evidence in criminal matters since it began to apply in May 2017. However, evaluations identified several areas where Member States interpret the Directive inconsistently or lack specific procedures, prompting the Commission to consider targeted legislative amendments.
The proposal aims to provide greater legal certainty by clarifying: (i) the use of evidence for other purposes and its onward transfer; (ii) the definition of ‘telecommunications’ and the procedural aspects of the notification procedure for interception without the need for technical assistance from another Member State; (iii) the definition of ‘issuing authority’; and (iv) the procedures to request evidentiary use of information previously exchanged between law enforcement authorities or spontaneously exchanged between judicial authorities.
Beyond those clarifications, the proposal also sets out dedicated rules on the use of technical recording devices and on cross-border surveillance for evidence-gathering purposes, and clarifies the interaction between the EIO framework and cross-border surveillance under Article 40 CISA. To enhance the timely execution of real-time evidence-gathering measures –such as controlled deliveries, telecommunications interception and cross-border surveillance– the proposal introduces a provisional execution mechanism, available where strictly necessary to preserve their effectiveness. It also addresses deficiencies identified in the standard EIO form, with a view to reducing legal ambiguities that can lead to delays, refusals of execution, or inconsistent procedural safeguards.
In addition, the proposal creates an entirely new mutual recognition instrument: the European Remote Participation Order (ERPO). Its aim is to facilitate the participation of suspects, accused persons and victims of crime in criminal court hearings from another Member State by videoconference or other distance communication technology. The Commission notes that only some Member States currently have specific rules on cross-border remote participation, and the content of those rules differs significantly. The ERPO framework is designed to fill this regulatory gap, ensure fair proceedings, and reduce the number of cross-border trials in absentia. As a general rule, issuance of an ERPO requires the consent of the person concerned, with a narrowly framed derogation subject to strict safeguards and judicial oversight.
Eurojust: a more proactive judicial coordination hub
A central driver of the proposed revision of the Eurojust Regulation is the recognition that serious cross-border crime has evolved considerably. The proposal therefore explicitly includes emerging areas of crime, most notably cybercrime and violations of EU restrictive measures (including those with a hybrid dimension). The inclusion of restrictive measures violations reflects the growing geopolitical dimension of organised crime and the importance of ensuring that breaches of Union sanctions attract the same level of judicial coordination as more traditional forms of serious crime.
In addition, the proposed regulation lays down a minimum set of powers that national members must hold. These include, inter alia, the ability to directly contact and exchange information with competent authorities, open and manage cases in Eurojust’s case management system, organise coordination meetings, participate in and facilitate joint investigation teams, and ask national authorities to undertake investigations or prosecutions. Crucially, with the agreement of the competent national authority –or, in urgent cases where it is not possible to identify or contact that authority in a timely manner, without such agreement– national members may also issue or execute requests for judicial cooperation or mutual recognition instruments, including EIO and freezing orders. In such urgent cases, the competent national authority must be informed without undue delay, and any measures taken remain subject to review by the competent national authorities and courts in accordance with applicable national procedural law.
Besides, the proposal introduces judicial coordination platforms –semi-permanent structures that Eurojust may establish at the request of two or more Member States, or on its own initiative with the agreement of the Member States concerned, to support complex cross-border investigations. These build on the experience of the International Centre for the Prosecution of the Crime of Aggression against Ukraine, which Eurojust already hosts.
Governance reform is another major pillar of the revision. The proposal introduces a bipartite governance structure that cleanly separates management functions from operational ones. In parallel, the proposal substantially deepens Eurojust’s operational integration with other EU bodies, including Europol and EPPO as well as OLAF, AMLA, and the new EU Customs Authority.
Europol: a strengthened EU information, operational and technology hub
The proposal for a new Europol Regulation acknowledges that the boundaries between cybercrime, financial crime and terrorism are converging, with hybrid threats adding further complexity. In light of that, the EU’s law enforcement architecture failed to keep pace with the scale, speed and technological sophistication of modern criminal networks: criminal information is siloed across authorities, jurisdictions and systems, and law enforcement responses are often organised along national lines. The proposal therefore restructures Europol around three reinforced functions: an EU information hub, an operational hub, and a technology and innovation hub.
First of all, the proposal introduces automated and structured data-sharing mechanisms between Member States and Europol, including a Police Shared Data Space built on sovereign cloud infrastructure. This replaces the current model which relies on bilateral and largely ad-hoc information exchange. A permanent Operational and Analysis Service is proposed to function as Europol’s operational nerve centre, providing continuous 24/7 coordination of information exchange and criminal intelligence analysis. The proposal further establishes an updated role for Europol in the Schengen Information System and other EU information systems and introduces an EU Police Digital Identity as a minimum access standard for law enforcement use of Europol’s services.
Secondly, the proposed Regulation introduces Europol Support Offices embedded within national Europol units in each Member State. Staffed by Europol personnel with prior experience in Member State authorities, these offices will be designed to provide continuous operational integration of Europol’s analytical and technical capabilities directly into national investigation. In addition, Europol’s operational architecture is reorganised around Centres of Operational Expertise covering the key crime areas within Europol’s mandate. All Centres are tasked to address hybrid dimensions as a cross-cutting priority.
Thirdly, Europol will be empowered to develop, host, operate and provide shared advanced technological capabilities, including AI-enabled applications, secure information-processing environments, forensic capabilities, cloud-based collaborative environments, and capabilities supporting the lawful processing of encrypted data. A dedicated Capabilities and Innovation Service and a Capabilities and Innovation Advisory Group will coordinate this work across Member States and relevant EU bodies. To resource these ambitions, the Commission projects to increase Europol’s budget to approximately €3 billion over 2028–2034.
EUDPR amendments: a more consistent framework
The fourth element of the package is a targeted amendment to EUDPR. The proposal closes a structural gap by explicitly bringing the EPPO within the scope of the data protection rules that already apply to other EU Justice and Home Affairs agencies. It also harmonises supervisory powers, standardises record-keeping and international data transfer rules, and updates breach notification requirements in line with the Digital Omnibus proposal. The overall effect is a more consistent and legally coherent data protection framework across the EU’s criminal justice bodies.
Outlook: next steps
The four proposals will now go through the ordinary legislative procedure. At Council level, Ireland, which undertook the Presidency as of 1 July 2026, is expected to advance the files towards a general approach, with criminal law and judicial cooperation already identified among its priorities. In Parliament, the files are expected to be referred to the LIBE Committee, which will appoint rapporteurs to steer the work on each of the proposals. Given the scope and ambition of the package, the negotiations are likely to be politically and technically substantive. The timeline for entry into force will depend on the pace of interinstitutional negotiations. Businesses –particularly those operating across borders, handling sensitive data, or active in sectors such as financial services, technology and logistics– are well advised to monitor the progress of this package closely, as the expanded operational and data-sharing capabilities of Europol and Eurojust, combined with a more coherent data protection framework, are likely to increase the frequency and depth of the law enforcement interaction with corporate actors across the Union.

For further information, please contact:
Stefaan Loosveld, Partner, Linklaters
stefaan.loosveld@linklaters.com




