ISP-LEA Best Practice Guidelines

Cooperation between service providers and law enforcement against cybercrime
- towards common best-of-breed guidelines?

This project was funded by the Council of Europe. The guidelines are now available on

A working group was established by the Council of Europe led by Mr. Cormac Callanan and Mr. Marco Gercke, to support the drafting of a study regarding the cooperation between law enforcement agencies and providers. The output of the study is a set of guidelines aimed at improving the cooperation between law enforcement agencies and service providers against cybercrime based on good practices or processes already established by industry, both in terms of criminal compliance and in terms of other types of cooperation.

The guidelines function as a policy paper for requests for cooperation against cybercrime generally but also provide very practical guidance on criminal compliance to law enforcement and service providers of all sizes and all countries. For example, advising ISPs that it is a good practice to provide a designated point of contact to handle the relationship with law enforcement, or advising law enforcement that it is good practice to train their personnel on which information and how to request information from ISPs, and understand the differences between them. Other examples would be reminding ISPs that they have to define which law is applicable to the request, that is is good practice to provide guidance to law enforcement on how to make a request, that ISPs should articulate what information they are able to provide and disclose, whether they have after hours emergency procedures or not, reminding law enforcement that they should - to the extent possible - limit the interactions with ISPs to trained personnel, and where possible prioritize their requests so that the service providers may address those that are most important first. etc.