Dual criminality in the digital age: Strengthening cross-border cooperation in cybercrime investigations

Francois Regis, NSHIMIYIMANA

doi:10.22059/jcss.2026.402346.1180

Dual criminality in the digital age: Strengthening cross-border cooperation in cybercrime investigations

Document Type : Original article

Author

NSHIMIYIMANA Francois Regis

Judge (on academic leave), Rwandan Judiciary, Researcher on Electronic Evidence in Cybercrime, Károli Gáspár University of the Reformed Church, Hungary.

10.22059/jcss.2026.402346.1180

Abstract

Background: The principle of dual criminality, which requires an act to be criminalized in both the requesting and requested states, is a cornerstone of mutual legal assistance. However, the rise of cybercrime, characterized by its borderless nature and reliance on perishable electronic evidence, has created significant challenges. Divergent legal definitions, procedural variations, and evidentiary standards frequently delay or obstruct cross-border investigations.
Aims: This paper examines the limitations of dual criminality in cybercrime investigations and explores how technological advancements and inconsistent domestic frameworks affect international cooperation.
Methodology: A comparative legal analysis is employed, drawing on the legal systems and practices of Rwanda, Germany, Estonia, and Hungary. These jurisdictions were selected to represent non-EU and EU states with diverse legal traditions. The study also evaluates key international instruments, including the Budapest Convention and its Additional Protocols, alongside mechanisms such as the European Investigation Order.
Discussion: Findings reveal structural and procedural barriers, such as inconsistent offence definitions, jurisdictional conflicts, and inadequate technical capacity, which hinder timely and lawful evidence sharing. These gaps undermine trust and efficiency in cooperation.
Conclusion: The paper recommends harmonizing cybercrime definitions, adopting technology-adapted dual criminality assessments, implementing fast-track evidence-sharing mechanisms, and strengthening mutual trust through capacity-building and rights-protection measures. These steps aim to reconcile dual criminality with the urgent need for efficient and rights-compliant international collaboration.

Keywords

Main Subjects

Main Object: Law

References

Adeniran, A.A.; Adeniran, A.O.; Familusi, O.B. & Adedayo, O. (2024). “The outlook of cybersecurity in African businesses”. Modelling, Analysis and Simulation in Information Systems. 1(2). https://doi.org/10.22105/masi.v1i2.54.

Bacher, G.; Faludi, G.; Faludi, G.; Keller, A.; Kerpel, D.; Loranger, K.; Molnár, B. & Wellmann, G. (2021). “Electronic evidence in Hungary: A general overview”. Digital Evidence and Electronic Signature Law Review. 8: 1-15. https://sas-space.sas.ac.uk/5401/1/1954-2771-1-SM.pdf.

Bąkowski, P. (2023). “Electronic evidence in criminal matters”. EPRS, Members’ Research Service, Briefing PE 690.522. September. https://www.europarl.europa.eu/RegData/etudes/BRIE/2021/690522/EPRS_BRI(2021)690522_EN.pdf.

Boister, N. (2021). An Introduction to Transnational Criminal Law. 2nd ed. Oxford University Press.

Bundesverfassungsgericht (Federal Constitutional Court). (2023). Order of 9 May 2023–2 BvR 558/22 (EncroChat). May 9. https://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/EN/2023/05/rk20230509_2bvr055822en.html.

Cao, J. (2025). “A case study of extradition: United States v Meng Wanzhou”. International Journal of Law, Education and Technology. 23: 45-67. https://ijlet.org/wp-content/uploads/2025/01/1.1.2.pdf.

Council of Europe. (2025). Rwanda becomes a party to the Budapest Convention on Cybercrime. January 10. https://www.coe.int/en/web/cybercrime/-/rwanda-becomes-a-party-to-the-budapest-convention-on-cybercrime.

---------------. (2022). Second Additional Protocol to the Convention on Cybercrime (CETS No. 224), arts. 4–7. https://www.coe.int/en/web/cybercrime/second-additional-protocol.

---------------. (2021). Second Additional Protocol to the Convention on Cybercrime on enhanced cooperation and disclosure of electronic evidence (CETS No. 224). https://www.coe.int/en/web/cybercrime/second-additional-protocol/-/asset_publisher/isHU0Xq21lhu/content/opening-coecyber2ap.

---------------. (2019). Cybercrime legislation – Hungary: Legal profile (Act C of 2012 §§ 422–424). https://rm.coe.int/octocom-legal-profile-hungary/16809e59cc.

----------------. (2013). Mutual Legal Assistance Manual. Office in Belgrade. https://www.coe.org.rs.

---------------. (2001). Convention on Cybercrime (ETS No. 185, Budapest, 23 November 2001). https://www.europarl.europa.eu/cmsdata/179163/20090225ATT50418EN.pdf.

Council of the European Union. (2002). “Council Framework Decision of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States (2002/584/JHA)”. Official Journal of the European Communities. L 190: 1-20. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32002F0584.

Coupland, H. (2020). “Investigating cybercrime: The key jurisdictional and technical challenges faced by law enforcement and ways to address them”. University of York Report. https://www.york.ac.uk/media/law/documents/eventsandnewsdocs.

Data Protection Act 2018 (No. 7 of 2018) (Ireland).

Edelman, N. (2020). “Global perspectives on cybercrime legislation”. Journal of Infrastructure Policy and Development. 8(10): 6007. https://doi.org/10.24294/jipd.v8i10.6007.

Estonia. (2024). Penal Code (Karistusseadustik) (consolidated English version). https://www.riigiteataja.ee/en/eli/ee/519012023002/consolide.

---------------. (2017). Penal Code (Karistusseadustik): Consolidated text of 10 January 2017. Riigikogu. RT I 2001, 61, 364 (original); RT I, 31.12.2016, 2 (last amendment). https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/522012015002/consolide.

European Commission. (2024). Cybercrime. Migration and Home Affairs. October 31. https://home-affairs.ec.europa.eu/policies/internal-security/cybercrime_en.

---------------. (2022). Implementing the e-Evidence Regulation: Practical guidance (COM (2022) 355 final). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:C:2022:355:FULL#:~:text=2.

---------------. (2018). Proposal for a Regulation on European Production and Preservation Orders for Electronic Evidence in Criminal Matters (COM (2018) 225 final). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52018PC0225.

Eurojust. (2021). Report on Eurojust’s Casework on Cybercrime. https://www.eurojust.europa.eu/publication/report-eurojusts-casework-cybercrime.

Eurojust & Europol. (2019). Common challenges in combating cybercrime. June. https://www.europol.europa.eu/cms/sites/default/files/documents/common_challenges_in_combating_cybercrime_2018.pdf.

Eurojust & European Judicial Network. (2019, updated regularly). Joint Note of Eurojust and the European Judicial Network on the practical application of the European Investigation Order. https://www.eurojust.europa.eu/publication/joint-note-eurojust-and-ejn-practical-application-european-investigation-order.

European Parliament & Council. (2023). Regulation (EU) 2023/1543 of 12 July 2023 on European Production and Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings [2023] OJ L191. https://eur-lex.europa.eu/eli/reg/2023/1543/oj.

---------------. (2014). Directive 2014/41/EU regarding the European Investigation Order in criminal matters (consolidated version). [2014] OJ L130/1. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A02014L0041-20220313.

Federal Ministry of Justice (Germany). (2020). Guidelines on International Mutual Legal Assistance in Cybercrime. Berlin. https://www.google.com/url?sa=i&source=web&rct=j&url=https://rm.coe.int/internationalcoop-annex-to-cw-germany/16809f499a&ved=2ahUKEwip2ZLZrseTAxX98LsIHbenHJkQy_kOegYIAQgDEAE&opi=89978449&cd&psig=AOvVaw2i5w-uMewsxPUjMKlrNhPg&ust=1774951220428000.

Gercke, M. (2012). Understanding Cybercrime: Phenomena, Challenges and Legal Response. 3rd ed. ITU.

Germany. (2020a). Act on International Mutual Assistance in Criminal Matters (IRG) (official English translation). https://www.gesetze-im-internet.de/englisch_irg/englisch_irg.html.

---------------. (2020b). Strafgesetzbuch (StGB) § 202a – Data espionage (official English translation). https://www.gesetze-im-internet.de/englisch_stgb/englisch_stgb.html#p0755.

---------------. (1982). Gesetz über die internationale Rechtshilfe in Strafsachen (IRG) [Law on International Mutual Assistance in Criminal Matters], BGBl. I 1982, 2071, as amended. https://www.gesetze-im-internet.de/irg/BJNR020710982.html.

Habib Zadeh Khiyaban, S. & Sabbar, S. (2022). “Artificial intelligence in credit risk assessment”. Socio-Spatial Studies. 6(2): 1-14. https://doi.org/10.22034/soc.2022.230178.

Higher Regional Court of Hamburg (OLG Hamburg). (2021, January 29). EncroChat decision, 2 Ws 93/21. https://www.landesrecht-hamburg.de/bsha/document/NJRE001454728.

Hungarian Ministry of Justice. (2021). Amendments to the Criminal Code implementing the Budapest Convention. Budapest.

Hungary. (2025). Act C of 2012 on the Criminal Code (official English version, NJT). https://njt.hu/jogszabaly/en/2012-100-00-00.

---------------. (2012). Act CLXXX of 2012 on Criminal Cooperation with the Member States of the European Union.

Institute of Legal Practice and Development (Rwanda). (2023). Judicial Training Curriculum: Electronic Evidence and Cybercrime. Kigali.

Juszczak, A. & Sason, E. (2023). “The use of electronic evidence in the European Area of freedom, security, and justice: An introduction to the new EU package on e-evidence”. eucrim. 2: 182. https://doi.org/10.30709/eucrim-2023-014.

Kao, D.Y.; Hsiao, S.C. & Tso, R. (2019). “Analyzing WannaCry ransomware considering the weapons and exploits”. In 2019 21st International Conference on Advanced Communication Technology (ICACT). February. https://doi.org/10.23919/ICACT.2019.8702049.

Kaushik, P.; Garg, V.; Priya, A. & Kant, S. (2024). Financial fraud and manipulation: The malicious use of deepfakes in business. In Deepfakes and their impact on business (pp. 173–196). IGI Global. https://doi.org/10.4018/979-8-3693-6890-9.ch008.

Korte, M. (2025). “EncroChat–Final word by the German Constitutional Court”. eucrim. July 15. https://eucrim.eu/news/encrochat-final-word-by-the-german-constitutional-court/.

Kulesza, J. (2019a). Cybercrime and International Law. Routledge.

---------------. (2019b). Cybersecurity and Human Rights in the Age of Cyberveillance. Routledge.

Kurshan, E.; Mehta, D.; Balch, T. & Byrd, D. (2025). “AI-driven fraud, financial and cybercrime: Emerging threats and the evolving landscape of AI versus AI”. International Journal of Semantic Computing. https://www.researchgate.net/publication/393752134.

Milanovic, M. & Schmiit, M.N. (2020). “Cyber attacks and cyber (mis)information operations during a pandemic”. Journal of National Security Law & Policy. 11: 247-300. https://doi.org/10.2139/ssrn.3612019.

Plachta, M. (1989). “The role of double criminality in international cooperation in penal matters”. In N. Jareborg (Ed.). Double criminality: Studies in International Criminal Law (pp. 86-111). Iustus Förlag.

R v Baines [2019] UKSC 14.

Ragni, C. (2023). “Digital evidence in international criminal proceedings and human rights challenges”. International Scientific Conference on International, EU, and Comparative Law Issues: Law in the Age of Modern Technologies. https://doi.org/10.25234/eclic/28255.

Republic of Rwanda. (2017). Law No 26/2017 of 31/05/2017 Establishing the National Cyber Security Authority and Determining its Mission, Organisation and Functioning. Official Gazette of the Republic of Rwanda. No. 27, 3 July. https://rwandalii.org/akn/rw/act/law/2017/26/eng@2017-07-03.

Rwanda. (2018). Law No. 68/2018 on the Prevention and Punishment of Cybercrimes. Official Gazette No. Special of 24/08/2018.

Rwanda Investigation Bureau. (2020). Cybercrime statistics during COVID-19 lockdown. RIB Press Statement. July 28. https://allafrica.com/stories/202007300062.html.

Salehi, K. & Habib Zadeh Khiyaban, S. (2025). “AI and crime prevention in the academic literature: An integrative review of AI applications in crime prevention”. Code, Cognition and Society. 1(1): 164-177. https://doi.org/10.22034/ccsr.2025.546552.1016.

Schomburg, W. & Lagodny, O. (2020). Internationaler Rechtshilfeverkehr in Strafsachen. 3rd ed. C.H. Beck.

Shahghasemi, E. (2016). “Human Rights against Human Rights: Sexism in Human Rights Discourse for Sakineh Mohammadi”. Society. 53(6): 614-618. October 26. https://doi.org/10.1007/s12115-016-0073-x.

Shahghasemi, E.; Gholami, F. & Alikhani, Z. (2025). “Global patterns of social media use and political sentiment”. Discover Global Society. 3(1): 36. https://doi.org/10.1007/s44282-025-00171-y.

Sheppard, S.P. (Ed.). (2020). Evidence and the Common Law: The Limits of Cross-Border Admissibility in Digital Investigations. Oxford University Press.

Singh, T. (2024). “Cybercrime and international law: Jurisdictional challenges and enforcement mechanisms”. African Journal of Biomedical Research. 27(3S): 697. https://doi.org/10.53555/AJBR.v27i3S.2101.

Svantesson, D.J.B. (2017). Solving the Internet Jurisdiction Puzzle. Oxford University Press.

Tikk, E. & Kaska, K. (2010). “Legal cooperation to investigate cyber incidents: Estonian case study and lessons”. NATO Cooperative Cyber Defense Centre of Excellence. https://www.ccdcoe.org/uploads/2010/07/Legal_Cooperation_to_Investigate_Cyber_Incidents_Estonian_Case_Study-and_Lessons.pdf.

United Nations. (2000). Convention against Transnational Organized Crime (adopted 15 November 2000, entered into force 29 September 2003), art. 16. https://www.unodc.org/documents/middleeastandnorthafrica/organised-crime/UNITED_NATIONS_CONVENTION_AGAINST_TRANSNATIONAL_ORGANIZED_CRIME_AND_THE_PROTOCOLS_THERETO.pdf .

United Nations General Assembly. (2022). Immunity of State Officials from Foreign Criminal Jurisdiction (UN Doc A/77/10). https://legal.un.org/ilc/reports/2022/english/chp6.pdf.

Wu, C.H. (2021). Sovereignty fever: The territorial turn of global cyber order. Zeitschrift für ausländisches öffentliches Recht und Völkerrecht / Heidelberg Journal of International Law. 81(3): 651-670. https://doi.org/10.17104/0044-2348-2021-3-651.