1. The Law ratifying the Convention on Cybercrime (Budapest Convention), L.22(III)/2004. This legislation covers hacking, child pornography and fraud committed via electronic communication and the Internet.

2. The Law that revises the legal framework on the prevention and combating the sexual abuse and sexual exploitation of children and child pornography, L 91(I)/2014. This legislation ratifies the EU Directive 2011/93/ΕΕ and covers child pornography, grooming and notice and takedown.

3. The Law ratifying the Additional Protocol to the Convention on Cybercrime, concerning the Criminalization of Racist and Xenophobic acts, L.26(III)/2004. This legislation covers racism and xenophobia via computer systems and the Internet.

The Law ratifying the Convention on Cybercrime (Budapest Convention), L.22(III)/2004. This legislation covers hacking, child pornography and fraud committed via electronic communication and the Internet. The L22(III)/2004 includes:

• Art. 48: Offences against confidentiality integrity and availability of computer data systems
• Art. 910: Computer-related offences
• Art. 11: Contentrelated offences
• Art. 12: Offences related to infringements of copyright and related rights

The Law that revises the legal framework on the prevention and combating the sexual abuse and sexual exploitation of children and child pornography, L 91(I)/2014. This legislation ratifies the EU Directive 2011/93/ΕΕ and covers child pornography, grooming and notice and takedown. The L91(I)/2014 includes provisions on “websites containing or disseminating child pornography” (art. 11).

The following investigative techniques are permissible under national law:

• search and seizure of information systems/computer data ( Code of Criminal Procedure)
• preservation of computer data (Law 22(III)/2004)
• order for stored traffic/content data; however, only for stored traffic data (Law 183(I)/2007)
• order for user information (Law 183(I)/2007).

National law does not allow for real-time interception/collection of traffic/content data. However, Law 183(I)/2007 forces ISPs to store telecommunication and traffic data for the purpose of investigation for a period of six months. The use of specialised software such as Child Protection System (CPS) and NetClean facilitate cybercrime investigations.

The right to privacy and freedom of communication are protected under Articles 15 and 17 of the Cyprus Constitution. Specific provisions for the protection of fundamental rights and freedoms are also included in the relevant legislation (specified under section 3.2).

In July 2018, Cyprus adopted a national law ”providing for the protection of natural persons with regard to the processing of personal data and for the free movement of such data” (L. 125(I)/2018) (unofficial English translation). This Law supplements the EU General Data Protection Regulation (GDPR) (Regulation no 2016/679).

• The Law on the Retention of Telecommunication data for the investigation of serious offences, L. 183(I)/2007. This legislation transposed Directive 2006/24/JHA. Although the Directive was invalidated by the Court of Justice of the EU, the national law is still valid. The national law is founded on a constitutional provision and it includes specific safeguards for the protection of privacy; for example, communication data are released only following a court order. A case was recently filed with the Supreme Court on the impact of the annulment of the EU Directive on Law 183(I)/2007 and the Supreme Court found that it complied with the European Convention of Human Rights.
• Law 112(I)/2004 Regulating Electronic Communication and Postal Services.
• Law implementing Directive 2013/40/EU on attacks against information system, 147(i)/2015.
• Law on the protection of the privacy of the communication and access to written communication content, Law 216(i)/2015
• Law 89(I)/2020 on the security of networks and information systems https://dsa.cy/legislation/laws (only available in Greek)

Police-to Police Cooperation

Cyprus cooperates with EU and third countries on the basis of bilateral and multilateral agreements in this field and other channels for exchange of information. The O.C.C cooperates closely with the following organisations:

• Europol/EC3/AWF/ EMPACTS
• EUCTF (European Union Cybercrime Taskforce)
• CIRCAMP (COSPOL Internet Related Child Abusive Material Project)
• ENISA (European Network and Information Security Agency)
• ECTEG (European Cybercrime Training and Education Group)
• CEPOL (European Police College)
• EUROJUST (European Union’s Judicial Cooperation Unit)
• CERT-EU (Computer Emergency Response Team)
• INTERPOL (International Criminal Police Organization)
• European Commission
• EEAS (European External Action Service)
• USA FBI
• VCACITF (Violence Crime Against Children International Task Force) USA FBI.
• Council of Europe (T-CY Assessment)

Judicial Cooperation

Law 23(I)/2001 on International Cooperation in Criminal Matters is the national law applicable to MLA requests. In addition, MLA is carried out on the basis of bilateral agreements and conventions such as the European Convention on Mutual Assistance in Criminal Matters, Law 2(III)/2000 and the Convention on Cybercrime Law 22(III)/2004. 

The Ministry of Justice and Public Order is the central authority for receiving and sending requests for mutual legal assistance. For the purpose of simplifying and improving international cooperation a Unit for International Legal Cooperation has been established within the Ministry of Justice and Public Order. A written letter of request must be sent by email, fax or post. 

The Ministry of Justice and Public Order receives incoming requests from abroad and sends out MLA requests. Incoming requests are evaluated by the Ministry and forwarded for execution to the competent judicial authority in Cyprus. Regarding outgoing requests, the Ministry also collects requests received internally and sends them abroad.