Navigating EU law enforcement data collection requirements

Courtney Pereira
16 Jun 2026
How agencies can use publicly available data while addressing compliance, governance, and proportionality expectations in Northern Europe

Across regulated European markets, EU law enforcement data collection is facing increased scrutiny, especially around how investigative tools collect, process, and manage publicly accessible information.

This shift is creating:

  • longer procurement cycles
  • deeper legal and compliance reviews
  • increased focus on governance and accountability
  • greater scrutiny around investigative workflows and proportionality
  • slower access to the tools that help improve case solve rates

At the same time, investigative teams are under pressure to move faster, manage growing volumes of information, and operate within increasingly complex regulatory environments.

As a result, organizations are no longer evaluating investigative tools based solely on capability. They are evaluating whether those tools align with evolving legal, operational, and governance expectations.

Why ShadowDragon® is well positioned for modern investigative requirements

As regulatory scrutiny increases across Europe, organizations are evaluating not only what investigative tools can do, but how those tools operate in practice.

This is increasingly shifting procurement conversations away from pure capability and toward questions of:

  • operational control
  • defensibility
  • transparency
  • governance alignment

The Horizon® Platform is well aligned to these evolving expectations because its investigative model is built around targeted, investigator-directed workflows rather than broad or indiscriminate information collection. In addition, for organizations that require investigation data to remain within the European Union, ShadowDragon® offers an EU-hosted environment within The Horizon® Platform, helping support regional data residency, procurement, and governance requirements.

Designed around targeted investigations

A central concern under Directive (EU) 2016/680 is whether collection activity can be tied to a specific investigative purpose and justified as necessary and proportionate.

The Horizon® Platform supports this through workflows that are:

  • investigator initiated
  • case-driven
  • targeted to specific entities, events, or investigative leads

This operational model is more closely aligned with how investigations are authorized, documented, and reviewed within regulated environments.

Rather than emphasizing large-scale or undefined information gathering, the platform supports focused investigative activity tied to operator intent and investigative scope.

Operational control supports governance

Organizations increasingly need the ability to align investigative activity with:

  • internal policy requirements
  • jurisdictional restrictions
  • legal guidance
  • operational oversight processes

The Horizon® Platform supports this through configurable workflows and source-level controls that allow organizations to:

  • enable or disable specific sources
  • tailor workflows to local requirements
  • reduce unnecessary collection exposure
  • maintain tighter operational governance

This level of control can help reduce friction during procurement, legal review, and internal compliance discussions.

Transparency and attribution improve defensibility

Investigative outputs are increasingly expected to be explainable and traceable.

The Horizon® Platform maintains attribution to original publicly accessible sources, helping organizations:

  • validate investigative findings
  • reproduce investigative steps
  • support evidentiary review
  • respond more effectively to oversight or audit requests

This emphasis on transparency is particularly important in environments where investigative actions may later be reviewed by legal, compliance, or supervisory bodies.

A measured approach to AI aligns with current market expectations

Many organizations are still evaluating how AI should be introduced into investigative workflows.

Common concerns include:

  • inability to explain how conclusions were generated
  • limited visibility into source provenance
  • uncertainty around legal defensibility
  • reduced investigator oversight

The current approach within the Horizon® Platform emphasizes investigator control, source visibility, and attributable investigative workflows.

This measured approach aligns well with organizations seeking to modernize investigative processes while maintaining transparency and operational accountability.

Alignment with data sovereignty expectations

European organizations are also placing increased focus on where information is processed, stored, and managed. To support these requirements, ShadowDragon® offers an EU-hosted environment within The Horizon® Platform for organizations that require investigation data to remain within the European Union. This can help address procurement, governance, and data residency requirements that are increasingly common across regulated public sector and law enforcement environments.

Flexible deployment options, including EU-based infrastructure considerations, can help organizations align investigative operations with:

  • regional data handling requirements
  • internal security policies
  • procurement expectations around jurisdictional control

This is becoming an increasingly important factor in regulated procurement environments.

Supporting investigations without sacrificing control

Modern investigative teams are operating in an environment where they are expected to:

  • move quickly
  • work with increasing volumes of information
  • maintain accountability and oversight
  • operate within tighter compliance boundaries

The Horizon® Platform helps in this environment because it supports organizations in identifying relevant information, investigating within controlled parameters, and monitoring investigative activity with greater transparency and governance alignment.

Common questions from legal and compliance teams

Customers evaluating investigative tools are consistently asked:

  • Can we justify collecting this information under EU law?
  • Is the collection targeted and proportionate?
  • Can we control what sources are used?
  • Can we explain and defend this during audit or legal review?
  • Where does responsibility sit between our organization and the platform?

The following sections address these questions in the context of current EU regulatory frameworks and operational expectations.

The regulatory context for EU law enforcement data collection

Beyond GDPR: the role of the law enforcement directive

While GDPR is often the starting point for data protection discussions, law enforcement agencies operate under a more specific framework.

Directive (EU) 2016/680 governs the processing of personal data for criminal investigations and public security purposes.

This directive requires that processing be:

  • lawful
  • necessary
  • proportionate to a defined purpose

These principles are specifically outlined in Article 4 of Directive (EU) 2016/680, which establishes the core principles relating to processing of personal data.

Additional provisions on lawfulness of processing and distinctions between categories of data subjects are set out in:

  • Article 8: Lawfulness of processing
  • Article 10: Distinction between different categories of data subjects

The directive also introduces stronger expectations around:

  • accountability
  • auditability
  • oversight

At the national level, these requirements are implemented through local legislation. For example, Denmark enforces these principles through Act No. 410 of 27 April 2017.

Regulators further clarify that these activities are distinct from standard GDPR processing.

Implementation and interpretation may vary between EU member states. Organizations should ensure that investigative workflows align with applicable national legislation, internal policy requirements, and local legal guidance.

The emerging tension

This regulatory environment is creating a consistent operational challenge:

  • investigative teams are expected to deliver faster and more accurate results
  • access to information is becoming more restricted
  • compliance requirements are becoming more stringent

The result is a gap between what investigators need to do and what they can easily justify.

Publicly accessible information still requires justification

Publicly accessible information can be used lawfully

Publicly accessible information remains a valid and important input for investigations.

Under Directive (EU) 2016/680, law enforcement authorities are permitted to process personal data, including publicly accessible information, provided that processing is:

  • tied to a specific investigative purpose
  • necessary for that purpose
  • proportionate in scope and method

The requirement is not to avoid using publicly accessible information. The requirement is to ensure that its use can be clearly justified.

The Horizon® Platform is designed to work with publicly accessible information and does not circumvent access controls, private account protections, or restricted-access environments.

What customers must demonstrate

Organizations are increasingly required to show:

  • why specific information was collected
  • how it relates to a defined case
  • that collection was targeted rather than excessive

Why approach matters

Approaches based on bulk or undefined data gathering are harder to justify. Targeted, case-driven collection is more aligned with:

  • necessity requirements
  • proportionality standards
  • internal authorization processes

Applying justification in practice

Consider a financial investigation involving suspected fraud.

An investigator may:

  • identify a specific individual or entity under investigation
  • collect publicly accessible profiles, posts, or affiliations related to that subject
  • limit collection to sources relevant to the case
  • document how each data point supports the investigation

This type of targeted, case-linked approach is easier to justify under EU legal frameworks than broad, exploratory collection without a defined scope.

Workflow control is now a compliance requirement

Compliance is no longer just about policy. It is about execution.

Organizations must be able to demonstrate that investigations are conducted in a controlled and accountable way.

What good governance looks like

Investigative workflows should support:

  • targeted collection tied to specific cases
  • control over which sources are used
  • alignment with internal policies
  • clear attribution to original sources
  • the ability to review and justify actions

How The Horizon® Platform supports this

The Horizon® Platform enables organizations to operationalize these requirements through user-controlled workflows.

This includes:

  • targeted, real-time collection reducing unnecessary information exposure
  • source-level controls allowing teams to enable or disable sources based on policy or jurisdiction
  • source attribution ensuring traceability for evidentiary and compliance purposes
  • flexible deployment options supporting EU-based infrastructure and data sovereignty needs

Clear differentiation: targeted vs bulk collection

One of the most important distinctions in current evaluations is between:

  • targeted investigative workflows
  • bulk or indiscriminate information collection

Targeted approaches:

  • are easier to justify legally
  • reduce compliance risk
  • align with how investigations are authorized

Bulk approaches:

  • increase risk of overcollection
  • are harder to defend during audit
  • often create friction in legal review

AI and transparency

Customers are also evaluating how AI is used in investigative workflows.

Common concerns include:

  • lack of transparency in outputs
  • difficulty tracing results back to sources
  • challenges in legal defensibility

A controlled approach that maintains:

  • source attribution
  • user oversight
  • the ability to enable or disable advanced capabilities

is often better aligned with current regulatory expectations.

Responsibility boundaries and operational expectations

Legal roles

Under EU frameworks:

  • the customer is the data controller
  • the platform operates as a data processor

Reference:

https://commission.europa.eu/law/law-topic/data-protection/legal-framework-eu-data-protection_en

What this means in practice

The customer is responsible for:

  • defining purpose and legal basis
  • approving investigative scope
  • ensuring compliance with applicable law

The platform:

  • enables access to publicly accessible information
  • operates based on user direction
  • does not determine investigative intent

Evolving expectations

Customers now expect platforms to support compliance by:

  • enabling controlled workflows
  • reducing the risk of unnecessary collection
  • maintaining transparency in information sourcing
  • supporting internal governance processes

Responsibility may be defined legally, but compliance is achieved operationally.

Data sovereignty and regional considerations

European customers are placing increased emphasis on:

  • where information is stored and processed
  • whether information can remain within EU jurisdictions
  • how cross-border information flows are managed

Flexible deployment options and EU-based infrastructure can play a key role in addressing these concerns.

What good looks like in internal approval

Organizations that successfully move through legal and procurement review typically demonstrate:

  • a clearly defined investigative use case
  • documented justification for information collection
  • use of targeted workflows instead of broad searches
  • transparency in which sources are accessed
  • alignment with internal policies and legal guidance
  • the ability to explain and reproduce investigative steps

Providing this level of clarity helps reduce delays and improves the likelihood of approval.

Supporting procurement and legal review

To move efficiently through approval processes, organizations should be prepared to clearly explain:

  • how collection aligns with Directive (EU) 2016/680
  • how necessity and proportionality are enforced
  • how workflows are governed and controlled
  • how source attribution is maintained
  • how responsibility is divided between user and platform

Turning compliance into an advantage

While increased scrutiny can slow adoption, it also creates an opportunity.

Approaches that emphasize:

  • targeted information collection
  • strong governance controls
  • transparency and attribution
  • controlled investigative workflows

are better positioned to succeed in regulated environments.

Conclusion

Across regulated European environments, expectations around investigative workflows are evolving rapidly. As scrutiny around EU law enforcement data collection increases, agencies need investigative workflows that are targeted, transparent, accountable and defensible.

Publicly accessible information remains essential to modern investigations, but organizations are increasingly expected to demonstrate that collection activity is:

  • justified
  • targeted
  • transparent
  • operationally accountable

As legal, procurement, and oversight scrutiny increases, investigative teams need tools that support both operational effectiveness and governance alignment.

The Horizon® Platform is well positioned in this environment because it enables organizations to identify relevant information, investigate within controlled parameters, and monitor investigative activity with greater transparency and operational oversight.

By emphasizing:

  • targeted investigative workflows
  • investigator-directed collection
  • source attribution and traceability
  • configurable governance controls
  • operational transparency

ShadowDragon® aligns well with the direction many regulated organizations are moving as they modernize investigative capabilities while maintaining accountability and defensibility.