Octopus Cybercrime Community

The Republic of Moldova adopted a specific Cybercrime Law, that is, Law on preventing and combating cybercrime, nr. 20-XVI, 03.02.2009

It contains inclusive general notions, obligations of service providers, procedures for preservation of computer data and also rules on international cooperation.

Under the Republic of Moldova's legislation, corresponding Budapest Convention provisions are implemented as follows:

Articles 2-6 of the BCC (c-i-a offences) implemented;

Offences of computer forgery and fraud implemented (Art. 7-8 BCC);

Lack of necessary definitions of child pornography offences (Art. 9 BCC);

Concepts of attempt, aiding and abetting not reported to be implemented (Art. 11 BCC);

Corporate liability implemented and applicable to cybercrime offences (Art. 12 BCC)

Criminal code of the Republic of Moldova

Chapter VII - Crimes Against Families And Juveniles

Article 208¹. Infantile Pornography

Chapter X - Economic crimes

Article 237. Production or Putting into Circulation of False Cards or Other Pay Checks

Chapter XI – Computer crimes and crimes in the Telecommunications sphere

Article 259. Illegal Access to Computerized Information

Article 260. Illegal Production, Importation, Marketing, or Offering of Technical Means or Software Products

Article 2601. Illegal Interception of an Information Data Transfer

Article 2602. Violation of the Integrity of the Information Data Contained in a Data System

Article 2603. Impact on Data System Operation

Article 2604. Illegal Production, Importation, Marketing, or Offering of Passwords, Access Codes, or Similar Data

Article 2605. Information Data Forgery

Article 2606. Information Fraud

Article 261. Violation of Data System Security Rules

Article 2611. Unauthorized Access to Telecommunication Networks and Services

Main general framework applicable to all cybercrime investigations can be found in the Code of Penal Procedure.

A definition of subscriber information has been implemented in Electronic Communications Law, Article 2, while traffic data is defined under the Moldovan Code of Criminal Procedure; content data is interpreted to include the content of communications.

Expedited preservation of stored computer data (Article 16 Budapest Convention) is directly implemented by Article 7(c) of the Law on Prevention and Combating Cybercrime of Moldova.

Expedited preservation and partial disclosure of traffic data under Article 17 Budapest Convention is also directly implemented by Article 7, par. 2 of the Law on Prevention and Combating Cybercrime of Moldova.

Production order (Article 18 Budapest Convention) provisions are implemented under Article 7(d) of the Law on Prevention and Combating Cybercrime and are also applicable to service providers – this power is meant to be applied to any person/entity that is in possession or in control of certain computer data.

In terms of search and seizure of stored computer data under Article 19 Budapest Convention, in 2018, Moldova implemented the legal concept of computer search and seizure in compliance with the Convention. (Art. 128 para 5.1-5.4) 

The current legislation of Moldova (Articles 125 and 126 of the Code of Criminal Procedure) is tailored mostly to tangible objects to be searched and seized (instruments used for the commission of the crime, objects and valuables resulting from the crime and other objects and documents that may be of interest for the case); all three categories are interpreted broadly in practice to apply to a computer system. Search and seizure is a procedure driven by a judicial order, unless being performed in exigent circumstances with subsequent authorization from the judge.

Special provisions in the context of search and seizure provided by Article 19 (search of a connected system; making and retaining a copy of those computer data; maintaining the integrity of the relevant stored computer data; rendering inaccessible or removing those computer data in the accessed computer system) are not implemented in Moldovan procedural legislation. At the same time, provisions related to seizing or similarly securing computer data (p. 3(a)) and assistance of specialists in technical matters (p. 4) are covered by general regulations on seizure and involvement of specialists and experts in the criminal proceedings.

Implementation of Article 20 Budapest Convention on real-time collection of traffic data can be found in Article 18, p. 1.1(e) of the Law on Operative and Investigative Activity of Moldova. Notably, application of this operative-detective power can produce evidence admissible in criminal proceedings (Art. 24 of the same Law).

With regards to the interception of content data Article 21 Budapest Convention, Article 135 of the Code of Criminal Procedure refers to the interception of communications (wiretapping), which can be extended also to computer data.

There are definitions of categories of data (subscriber and traffic), however there are no differences in terms of accessing such data, with thresholds and limitations gradually progressing from lightest (subscriber information) to heaviest (content data) types in terms of privacy intrusion.

The Law on preventing and combating cybercrime, nr. 20-XVI, 03.02.2009 contains Article 3 laying down the basic principles of prevention and fight against cybercrime. Preventing and combating cybercrime is carried out on the following principles:

a) legality;

b) respect for human rights and fundamental freedoms;

c) promptness;

d) the inevitability of punishment);

e) information security and protection of personal data;

f) the use of complex measures of prevention: legal, socio-economic and information technology;

g) social partnership, cooperation between public administration authorities with international organizations, non-governmental organizations, other civil society representatives.

• Law concerning Electronic Communications Law Nr. 241 of 15.11.2007
• Law Nr. 20 from 3 February 2009 on the prevention and combating of cybercrime
• Law on Personal Data Protection no.133 from 08 July 2011

The legal competence to begin and direct criminal investigations belongs to:

1. The Center for Combating Cyber Crime of National Inspectorate for Investigations GPI of MIA
2. The general prosecutor's office, Specialized division - Department for Informational Technology and Combating Cybercrime .

It is also a competence of the Prosecution Service to send and to receive MLA requests.

24/7 points of contact and police cooperation

In Moldova, there are two 24/7 contact points

1. The first contact point 24/7 is located in the The Center for Combating Cyber Crime of National Inspectorate for Investigations GPI of MIA
2. The second 24/7 contact point is located in the general prosecutor's office, in the specialized division - Department for Informational Technology and Combating Cybercrime.

The 24/7 point of contact at the General Police Inspectorate provides police-to-police cooperation under the Budapest Convention and the network of the G7, processing only operative and intelligence information (cannot be used as evidence in criminal proceedings). It does not receive and process mutual legal assistance requests, but can provide technical assistance and support/advice.

In cases of terrorism or similar offences, urgent measures can be undertaken provided that the sanction of the court in Moldova verifying the request is received within 24 hours. The particular measures/steps will be decided on a case-by-case basis.

Mutual legal assistance authorities

The Prosecutor General's Office of the Republic of Moldova, Department for International Legal Assistance is the designated central authority for the stage of pre-trial investigation. Requests at the stage of trial proceedings or sentence execution are dealt with by the Ministry of Justice, International Legal Cooperation Division. Interpol National Contact Point can receive but not implement the MLA request and has to send it to the competent authority for action.

For outgoing requests, the requesting authorities (prosecution offices or investigators) have to address all their communications to the central authority, which ensures further processing of requests with foreign competent authorities.