Categories
Uncategorized

EncroChat/Sky ECC in 2024–2025: when are “ultra-technical” interceptions admissible in criminal cases, and what it means for Romania

Building on major European investigations, the article explains the legal framework for using high-tech interception data in organised crime and drug-trafficking cases. It covers European Investigation Orders, data-protection and fair-trial constraints, as well as the growing link with EU sanctions-evasion offences, giving both prosecution and defence a structured way to assess these evidence packages.

Executive summary. The Court of Justice’s 30 April 2024 judgment in C-670/22, M.N. (EncroChat) clarified when data obtained in one Member State may be transmitted and used as evidence in another via a European investigation order (EIO)—including where the initial collection involved the infiltration of encrypted devices/services. In 2025, France’s Cour de cassation began trimming EncroChat-driven proceedings on procedural grounds, underscoring that national courts retain genuine control. In parallel, litigation before the EU courts over Sky ECC (including an order in T-484/24, FF v Eurojust and Europol (Sky ECC III), 26 June 2025) shows the debate is not over. For Romania, the practical stakes are chain of custody, cross-border notification, and the effective right of the defence to comment on decisive evidence—failing which courts must exclude it. (EUR-Lex)

1) What the CJEU actually decided in M.N. (EncroChat)

The Court held that an EIO issued for the transmission of evidence already in the possession of the executing State (e.g., France) may be issued by a public prosecutor, not only by a judge—provided that, in a purely domestic case, that prosecutor could order the same transmission under national law. The EIO need not mirror the conditions governing the original collection; however, there must be subsequent judicial review ensuring fundamental-rights compliance for the person concerned. (EUR-Lex)

If the infiltration of devices occurred on the territory of another Member State, that State must be notified in due time and may seek termination of the measure if it would not have been authorised domestically. This protects both the notified State’s sovereignty and the rights of those targeted. (EUR-Lex)

Crucially for practice, national courts must exclude the evidence where the person could not effectively comment on it and the evidence has a preponderant influence on the findings of fact. The test centres on adversariality and defence access to core material. (EUR-Lex)

For doctrinal context, see concise analyses in EUCRIM and the European Journal of Risk Regulation (Cambridge). (Eucrim)

2) France, 2025: early cuts by the Cour de cassation in EncroChat cases

On 26 March 2025, the Criminal Chamber allowed a partial cassation where a lower court had dismissed a nullity plea as inadmissible for “lack of interest” (the suspect denied being the pseudonymous device user). The Cour de cassation noted that the case record attributed the device to the person, so an interest to challenge existed and the nullity had to be examined on the merits—leading to partial cassation of the conviction. Other decisions the same day confirm that each link (lawfulness of collection, cross-border notification, defence access) may be reviewed by national judges rather than rubber-stamped due to a pan-European investigation label. (Legifrance)

3) Sky ECC at the EU courts: why the framework still matters

In T-484/24, FF v Eurojust and Europol (Sky ECC III), the General Court issued an order on 26 June 2025, published 8 September 2025, dealing with non-contractual liability and alleged unlawful data processing in the Sky ECC context. While much of the application was found inadmissible or unfounded, the order illustrates that challenges to the cooperation architecture (JITs, Europol/Eurojust roles, data handling) are being litigated in Luxembourg—not just the admissibility of downstream evidence in national trials. (EUR-Lex)

4) What this means in Romanian cases

(a) EIOs issued by prosecutors. After M.N. (EncroChat), an EIO for transmission of material already collected in the executing State may be issued by a prosecutor if, domestically, the same authority could lawfully obtain such a transmission. That does not relieve Romanian courts of a real review of fundamental-rights compliance (defence access, effective opportunity to challenge, proper notification, etc.). (EUR-Lex)

(b) Cross-border notification. Where infiltration targeted persons on Romanian territory, the foreign authority had to notify Romania; Romania could have stopped the measure if it would not be authorisable internally. Absence of clear notification proof invites defence objections under the EIO Directive (2014/41/EU) and can support exclusion. (EUR-Lex)

(c) Right to comment on decisive evidence. If chat dumps/audio/files are decisive yet the defence lacks the means to contest them (e.g., no metadata, no integrity logs, opaque collection method), the court must exclude. This is the sharpest tool post-M.N.. (EUR-Lex)

(d) Chain of custody & Europol. Many EncroChat cases involved routing via Europol servers. M.N. indicates what must be checked: who collected initially, how data moved, what was (not) altered, and when the notified State was informed. Defence should request the full technical trail (hashes, logs, integrity reports); otherwise, the evidence may fail the adversariality test. (EUR-Lex)

5) “Obscure but crucial”: materials worth citing

  • CJEU Press Release 77/24 (30.04.2024) – a tight summary to quote in submissions. (Curia)
  • EUR-Lex – judgment in C-670/22 and the EIO Directive text (2014/41/EU) – for exact passages (definitions, issuing authority, scope). (EUR-Lex)
  • EUCRIM (2024) and EJRR (Cambridge) – case notes that frame admissibility and fair-trial safeguards after M.N.. (Eucrim)
  • Legifrance – Cour de cassation, 26.03.2025 – examples of procedural filtering on EncroChat. (Legifrance)
  • General Court, T-484/24 (Sky ECC III) – order of 26.06.2025 – litigation on the cooperation framework. (EUR-Lex)

6) Link to the new EU Sanctions Directive (2024/1226)

Though not about EncroChat per se, Directive (EU) 2024/1226 (adopted 24 April 2024) criminalises the violation/circumvention of EU restrictive measures, entered into force on 19 May 2024, and set a 20 May 2025 transposition deadline. On 23–24 July 2025, the Commission opened infringement procedures against Member States lagging in transposition. As this regime beds in, expect special investigative techniques (like those used against organised crime) to appear more often in sanctions-evasion cases—where e-evidence and cross-border cooperation are central. (EUR-Lex)

7) Practical checklists

Defence (Romania).

  1. Demand the full EIO file and technical artefacts (hashes, logs, integrity reports). If unavailable, argue lack of effective opportunity to commentexclusion. (EUR-Lex)
  2. Verify notification if the measure touched Romanian territory; challenge absent/late/defective notification under the EIO Directive. (EUR-Lex)
  3. Test whether a prosecutor-issued EIO fits the domestic-like standard in M.N.. (EUR-Lex)
  4. Use Cour de cassation (26.03.2025) to contest “formalistic” dismissals of nullity interest. (Legifrance)
  5. Where JIT/Europol/Eurojust are invoked, scrutinise the mandate and data handling; note pending Sky ECC litigation in Luxembourg. (EUR-Lex)

Prosecution (Romania).

  1. Document chain of custody and metadata; append explanatory notes on techniques and integrity assurances.
  2. Show when/how cross-border notification occurred and any response received.
  3. Ensure defence access to core material to avoid exclusion under M.N.. (EUR-Lex)

8) Bottom line

M.N. (EncroChat) does not “green-light” blind reliance on ultra-technical captures. It supplies a framework: properly issued EIOs, timely notification, and—above all—the defence right to challenge. In 2025, national courts (e.g., France) show they meaningfully police these requirements. In Romania, EncroChat/Sky ECC and sanctions-evasion files will ultimately turn on evidence discipline and technical transparency—or the evidence risks exclusion. (EUR-Lex)